Don't add a "password required" notification for non-database auth via OIDC

endpoints/oauth/login.py

@@ -105,9 +105,10 @@ def _conduct_oauth_login(auth_system, login_service, lid, lusername, lemail, met
       new_username = valid
       break
 
+    requires_password = auth_system.requires_distinct_cli_password
     prompts = model.user.get_default_user_prompts(features)
     user_obj = model.user.create_federated_user(new_username, lemail, service_id, lid,
-                                                set_password_notification=True,
+                                                set_password_notification=requires_password,
                                                 metadata=metadata or {},
                                                 prompts=prompts,
                                                 email_required=features.MAILING)

endpoints/oauth/test/test_login.py

@@ -73,6 +73,10 @@ def test_new_account_via_database(login_service):
   federated_login = model.user.lookup_federated_login(new_user, login_service.service_id())
   assert federated_login is not None
 
+  # Ensure that a notification was created.
+  assert list(model.notification.list_notifications(result.user_obj,
+                                                    kind_name='password_required'))
+
 @pytest.mark.parametrize('open_creation, invite_only, has_invite, expect_success', [
   # Open creation -> Success!
   (True, False, False, True),
@@ -173,6 +177,9 @@ def test_new_account_via_ldap(binding_field, lid, lusername, lemail, expected_er
       else:
         assert internal_login is None
 
+      # Ensure that no notification was created.
+      assert not list(model.notification.list_notifications(result.user_obj,
+                                                            kind_name='password_required'))
     else:
       # Ensure that no addtional users were created.
       assert current_user_count == existing_user_count