Pressingly · hunzlahmalik · May 18, 2026
diff --git a/server/env.ts b/server/env.ts
@@ -520,10 +520,11 @@ export class Environment {
 
   /**
    * The authentication type to use. When set to "SSO", the server will trust
-   * X-Auth-Request-Email and X-Auth-Request-User headers injected by a reverse
-   * proxy (e.g. oauth2-proxy, Authelia) for authentication and automatic user
-   * provisioning. Only enable this when Outline is deployed behind a trusted
-   * authenticating proxy on a self-hosted instance.
+   * the X-Auth-Request-Email header injected by a reverse proxy
+   * (e.g. oauth2-proxy, Authelia) for authentication and automatic user
+   * provisioning. The display name is derived from the email local-part.
+   * Only enable this when Outline is deployed behind a trusted authenticating
+   * proxy on a self-hosted instance.
    */
   @Public
   @IsOptional()

diff --git a/server/middlewares/authentication.test.ts b/server/middlewares/authentication.test.ts
@@ -436,9 +436,6 @@ describe("Authentication middleware", () => {
               if (header === "x-auth-request-email") {
                 return newEmail;
               }
-              if (header === "x-auth-request-user") {
-                return "New User";
-              }
               return "";
             }),
           },
@@ -455,36 +452,6 @@ describe("Authentication middleware", () => {
         where: { email: newEmail.toLowerCase() },
       });
       expect(provisioned).not.toBeNull();
-      expect(state.auth.user.email).toEqual(newEmail.toLowerCase());
-      expect(state.auth.user.name).toEqual("New User");
-    });
-
-    it("should use email prefix as name when X-Auth-Request-User is absent", async () => {
-      await buildTeam();
-      const state = {} as DefaultState;
-      const authMiddleware = auth();
-      const newEmail = `prefix-${randomString(6)}@example.com`;
-
-      await authMiddleware(
-        {
-          // @ts-expect-error mock request
-          request: {
-            get: jest.fn((header: string) => {
-              if (header === "x-auth-request-email") {
-                return newEmail;
-              }
-              return "";
-            }),
-          },
-          // @ts-expect-error mock cookies
-          cookies: { get: jest.fn(() => undefined), set: jest.fn() },
-          state,
-          ip: "127.0.0.1",
-          cache: {},
-        },
-        jest.fn()
-      );
-
       expect(state.auth.user.email).toEqual(newEmail.toLowerCase());
       expect(state.auth.user.name).toEqual(
         newEmail.toLowerCase().split("@")[0]

diff --git a/server/middlewares/authentication.ts b/server/middlewares/authentication.ts
@@ -375,7 +375,6 @@ async function validateAuthentication(
 
     const email = normalizeProxyEmail(token.slice(4));
     const localPart = email.split("@")[0];
-    const displayName = ctx.request.get("x-auth-request-user") || localPart;
     const { domain } = parseEmail(email);
 
     // Concurrent-creation race guard. The SPA on first-ever login fires
@@ -448,7 +447,7 @@ async function validateAuthentication(
       });
       const created = await User.create(
         {
-          name: displayName,
+          name: localPart,
           email,
           teamId: team.id,
           // First user into a brand-new team becomes admin.