This bug is over one year old and in the meantime the client moved away from Discourse, so I cannot fully reproduce this anymore. However, I always take extensive notes, so I even have a record of the SSO payloads from back then. I am unable to inspect any other settings and/or try to repro on that exact instance though.
Back to my notes. What happened was a bit different from what you are doing. The SSO was passing an empty groups field (just groups=). But the users in question were members of another group, unknown to the SSO provider, which was forcing its members to TL2.
Additionally, the TL2 and TL3 welcome messages act differently as far as I recall, so you might have to use TL2 instead of TL3 if you attempt to reproduce this.
So to reproduce, I think you need to do the following: (note that I introduced a second group)
- Set up WordPress user “Steaky” with email firstname.lastname@example.org
- wpdc_custom_sso_params to set dogs group to all users who sign in with $params['groups'] = 'dogs';
- Create a user “Steaky” with email email@example.com
- Make Steaky trust_level_1 legitimately (not locked)
- Create group “cats” and “dogs” and set “Trust level automatically granted to members” to 2 for “cats”
- make Steaky member of group