Fall back to using OIDC Subject instead of Email

Email is not a mandatory field; Subject is mandatory and expected to be unique. It might be worth looking at UserInfo first, however.

Issue: #56
This commit is contained in:
Aigars Mahinovs 2019-02-13 16:26:53 +01:00 committed by Aigars Mahinovs
parent 84d7c51bb6
commit 7acec6243b


@ -106,6 +106,7 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
// Extract custom claims.
var claims struct {
Subject string `json:"sub"`
Email string `json:"email"`
Verified *bool `json:"email_verified"`
}
@ -114,7 +115,8 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
}
if claims.Email == "" {
return nil, fmt.Errorf("id_token did not contain an email")
// TODO: Try getting email from /userinfo before falling back to Subject
claims.Email = claims.Subject
}
if claims.Verified != nil && !*claims.Verified {
return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)