I adding some more to my debugging input so I could inspect the $sso_params passed into the sync_sso in an existing user case (success) versus new user case (failure), they both look similar. They both show properly filled out values for all these:
[avatar_force_update]
[avatar_url
[bio]
[name]
[require_activation]
[email]
[username]
[external_id]
What’s also head-scratching is that we have another very similar WordPress/Discourse installation and this doesn’t happen at all there. I’m going to pore over all the Discourse settings for each and see if there any differences that might be causing this.