Tested the plugin changes and they at least let me log back in again. Have not tested the script.php changes which I assume is to fix upgrades. Still doesn't address the myriad of other issues with this disaster of a code change

I have tested this item ✅ successfully on deb4d5f

Confirmed the issue, tested the patch. Confirmed that the script.php checks the values and resets them back to empty when they are invalid

I have tested this item ✅ successfully on deb4d5f

I don't have a CA SSL cert so could not test Webauthn. I tested it the same way as 37416 and was able to duplicate the problem and then load the patch and login again.

Canyou remove the new language strings as well please
COM_USERS_USER_FIELD_AUTHPROVIDER_DESC
COM_USERS_USER_FIELD_AUTHPROVIDER_LABEL

Canyou remove the new language strings as well please

Done! Also checked in with @tecpromotion as tt-coordinator.

and remove
administrator/components/com_users/src/Field/PrimaryauthprovidersField.php

components/com_users/tmpl/profile/edit.php
<?php if (count($this->twofactormethods) > 1 && !empty($this->twofactorform)) : ?>

not sure if that change is still needed

libraries/src/Authentication/ProviderAwareAuthenticationPluginInterface.php

libraries/src/Table/User.php

 * Updates auth provider of a user

administrator/components/com_users/src/Field/PrimaryauthprovidersField.php
libraries/src/Authentication/ProviderAwareAuthenticationPluginInterface.php

Would leave those two files for now as removing them (and therefore adding them to the deletion list in script.php) would prevent us from re-using the same file names for the future patch.

No you have to remove them (and come up with new names in future) otherwise you will be breaking semver when you change the contents of the library files.

libraries/src/User/User.php
public function setAuthProvider($authProvider)

plugins/authentication/cookie/cookie.php
use Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface;
public static function isPrimaryProvider()

and the same in other plugins

No you have to remove them (and come up with new names in future) otherwise you will be breaking semver when you change the contents of the library files.

Ok, fair comment, done!

Thanks @SniperSister

semver!!

where do you see a semver violation?

semver!!

where do you see a semver violation?

it should be properly marked as deprecated so that an ide etc will spot it.

hat an ide etc will spot it.

The interface is deprecated all other parts get removed because not covered by our semver promise. Also semver doesn't allow us to add deprecations in bugfix releases. that's the reason David added the comment "Please note: might be deprecated with Joomla 4.2"

or do you mean something different?

Thanks everyone for this good collaboration.
@nikosdion and @brianteeman are you both ok with the solution?

@bembelimen I am OK with this solution.

@bembelimen seems ok.

Thank you all!

@SniperSister @bembelimen the binding issue has extreme similarities to the Media Manager Adapters, maybe you should take a look how @joomdonation @Fedik @laoneo and me tackled that binding and get some inspiration...

Basically #34069 and #33724 (maybe a couple more)