diff --git a/.rubocop.yml b/.rubocop.yml
index 9f6ae1c9eb438eec5f0def8803b96d4d1d491bf2..db58bc26007404b4f19b12415497bdeb28cbe63c 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -70,7 +70,7 @@ Metrics/ClassLength:
 # A calculated magnitude based on number of assignments,
 # branches, and conditions.
 Metrics/AbcSize:
-  Max: 65
+  Max: 75
 
 Metrics/ParameterLists:
   CountKeywordArgs: false
@@ -82,7 +82,7 @@ Metrics/CyclomaticComplexity:
   Max: 16
 
 Metrics/PerceivedComplexity:
-  Max: 15
+  Max: 17
 
 Rails/Exit:
   Exclude:
diff --git a/app/controllers/api/v1/migrations/external_controller.rb b/app/controllers/api/v1/migrations/external_controller.rb
index b398e241e5fc4bbddea5a69aa4afe35bfe3d3f52..f5191878ad59f6cdadb7dce3b92981aba2cef0a6 100644
--- a/app/controllers/api/v1/migrations/external_controller.rb
+++ b/app/controllers/api/v1/migrations/external_controller.rb
@@ -16,8 +16,6 @@
 
 # frozen_string_literal: true
 
-# rubocop:disable Metrics/PerceivedComplexity
-
 module Api
   module V1
     module Migrations
@@ -276,4 +274,3 @@ module Api
     end
   end
 end
-# rubocop:enable Metrics/PerceivedComplexity
diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
index 7e916805665dd76043bf564687521afe0d5e4ea4..a4b87b6af1b2932fa82a0e8892d7ad06a8a40e31 100644
--- a/app/controllers/external_controller.rb
+++ b/app/controllers/external_controller.rb
@@ -30,7 +30,15 @@ class ExternalController < ApplicationController
 
     user_info = build_user_info(credentials)
 
-    user = User.find_by(external_id: credentials['uid'], provider:) || User.find_by(email: credentials['info']['email'], provider:)
+    user = User.find_by(external_id: credentials['uid'], provider:)
+
+    # Fallback mechanism to search by email
+    if user.blank?
+      user = User.find_by(email: credentials['info']['email'], provider:)
+      # Update the user's external id to the latest value to avoid using the fallback
+      user.update(external_id: credentials['uid']) if user.present? && credentials['uid'].present?
+    end
+
     new_user = user.blank?
 
     registration_method = SettingGetter.new(setting_name: 'RegistrationMethod', provider: current_provider).call
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 9567c5027863e4ad7b659217b797df49307018b3..7d0a0cb7c9042e7085868c49db75af532774e366 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -29,7 +29,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 
       env['omniauth.strategy'].options[:issuer] = issuer_url
       env['omniauth.strategy'].options[:scope] = %i[openid email profile]
-      env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username')
+      env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub')
       env['omniauth.strategy'].options[:discovery] = true
       env['omniauth.strategy'].options[:client_options].identifier = ENV.fetch('OPENID_CONNECT_CLIENT_ID')
       env['omniauth.strategy'].options[:client_options].secret = secret
@@ -46,7 +46,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
     provider :openid_connect,
              issuer:,
              scope: %i[openid email profile],
-             uid_field: ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username'),
+             uid_field: ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub'),
              discovery: true,
              client_options: {
                identifier: ENV.fetch('OPENID_CONNECT_CLIENT_ID'),
diff --git a/sample.env b/sample.env
index 7a5f35434d36f938de8f4e261d1a7c83794300bc..9b3a2510d9fdc5e210a6a6141f4e5da8bcc4aab5 100644
--- a/sample.env
+++ b/sample.env
@@ -44,6 +44,7 @@ REDIS_URL=
 #OPENID_CONNECT_CLIENT_SECRET=
 #OPENID_CONNECT_ISSUER=
 #OPENID_CONNECT_REDIRECT=
+#OPENID_CONNECT_UID_FIELD=
 
 # To enable hCaptcha on the user sign up and sign in, define these 2 keys
 #HCAPTCHA_SITE_KEY=