Fall back to using OIDC Subject instead of Email
Email is not a mandatory field; Subject is mandatory and expected to be unique. Might want to take a look at UserInfo first, however. Issue: #56
		
							parent
							
								
									84d7c51bb6
								
							
						
					
					
						commit
						7acec6243b
					
				|  | @ -106,6 +106,7 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok | ||||||
| 
 | 
 | ||||||
| 	// Extract custom claims.
 | 	// Extract custom claims.
 | ||||||
| 	var claims struct { | 	var claims struct { | ||||||
|  | 		Subject  string `json:"sub"` | ||||||
| 		Email    string `json:"email"` | 		Email    string `json:"email"` | ||||||
| 		Verified *bool  `json:"email_verified"` | 		Verified *bool  `json:"email_verified"` | ||||||
| 	} | 	} | ||||||
|  | @ -114,7 +115,8 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	if claims.Email == "" { | 	if claims.Email == "" { | ||||||
| 		return nil, fmt.Errorf("id_token did not contain an email") | 		// TODO: Try getting email from /userinfo before falling back to Subject
 | ||||||
|  | 		claims.Email = claims.Subject | ||||||
| 	} | 	} | ||||||
| 	if claims.Verified != nil && !*claims.Verified { | 	if claims.Verified != nil && !*claims.Verified { | ||||||
| 		return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email) | 		return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email) | ||||||
|  |  | ||||||
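Review bot: The fallback `claims.Email = claims.Subject` in the second hunk puts the `sub` claim into the field that the following lines treat as an e-mail address, although `sub` is not an address and is only expected to be unique within one issuer. When the `email` claim is missing, `email_verified` is likely missing too, so the `claims.Verified != nil` check passes without anything having been verified. createSessionState continues outside the hunk; if later code applies e-mail domain or allow-list checks to this value, they would run on an identifier of a different kind, so it would be safer to carry the subject in its own field, or at minimum to document it with `// Email holds the OIDC subject here: not a verified address, unique only per issuer`. The error on the last visible line would also report a subject as an "email in id_token", which will mislead whoever reads the log.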