Merge pull request #57 from aigarius/patch-1
Fall back to using OIDC Subject instead of Email
This commit is contained in:
commit
21c9d38ada
@ -2,6 +2,7 @@
|
||||
|
||||
## Changes since v3.1.0
|
||||
|
||||
- [#57](https://github.com/pusher/oauth2_proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius)
|
||||
- [#85](https://github.com/pusher/oauth2_proxy/pull/85) Use non-root user in docker images (@kskewes)
|
||||
- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
|
||||
- [#41](https://github.com/pusher/oauth2_proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery
|
||||
|
@ -106,6 +106,7 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
|
||||
|
||||
// Extract custom claims.
|
||||
var claims struct {
|
||||
Subject string `json:"sub"`
|
||||
Email string `json:"email"`
|
||||
Verified *bool `json:"email_verified"`
|
||||
}
|
||||
@ -114,7 +115,8 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
|
||||
}
|
||||
|
||||
if claims.Email == "" {
|
||||
return nil, fmt.Errorf("id_token did not contain an email")
|
||||
// TODO: Try getting email from /userinfo before falling back to Subject
|
||||
claims.Email = claims.Subject
|
||||
}
|
||||
if claims.Verified != nil && !*claims.Verified {
|
||||
return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
|
||||
|
Loading…
Reference in New Issue
Block a user