Fall back to using OIDC Subject instead of Email
Email is not mandatory field, Subject is mandatory and expected to be unique. Might want to take a look at UserInfo first, however. Issue: #56
This commit is contained in:
parent
84d7c51bb6
commit
7acec6243b
@ -106,6 +106,7 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
|
||||
|
||||
// Extract custom claims.
|
||||
var claims struct {
|
||||
Subject string `json:"sub"`
|
||||
Email string `json:"email"`
|
||||
Verified *bool `json:"email_verified"`
|
||||
}
|
||||
@ -114,7 +115,8 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
|
||||
}
|
||||
|
||||
if claims.Email == "" {
|
||||
return nil, fmt.Errorf("id_token did not contain an email")
|
||||
// TODO: Try getting email from /userinfo before falling back to Subject
|
||||
claims.Email = claims.Subject
|
||||
}
|
||||
if claims.Verified != nil && !*claims.Verified {
|
||||
return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
|
||||
|
Loading…
Reference in New Issue
Block a user