feat() Allow unverified emails

ajarmada 2025-12-16 12:04:46 -08:00
parent e27921ee80
commit 874bde735d
2 changed files with 7 additions and 8 deletions


@ -6,7 +6,6 @@ import (
"github.com/coreos/go-oidc/v3/oidc"
sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util/ptr"
)
// TokenToSessionFunc takes a raw ID Token and converts it into a SessionState.
@ -44,9 +43,9 @@ func CreateTokenToSessionFunc(verify VerifyFunc) TokenToSessionFunc {
// Ensure email is verified
// If the email is not verified, return an error
// If the email_verified claim is missing, assume it is verified
if !ptr.Deref(claims.Verified, true) {
return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
}
// if !ptr.Deref(claims.Verified, true) {
// return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
// }
newSession := &sessionsapi.SessionState{
Email: claims.Email,
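Review bot: With the `email_verified` check commented out, CreateTokenToSessionFunc now copies `claims.Email` into the SessionState even when the ID token carries `email_verified: false`, so any later allow-list or domain decision keyed on the session email trusts an address the identity provider has not confirmed. The three comment lines left above the disabled code still say "Ensure email is verified", which no longer describes the behaviour. If unverified emails must be accepted, make that an explicit opt-in passed into this constructor rather than commented-out code, and at minimum replace the stale comment with `// email_verified is deliberately not enforced here; claims.Email may be unconfirmed by the IdP`. The function body starts and ends outside this hunk.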


@ -274,14 +274,14 @@ func (p *ProviderData) buildSessionFromClaims(rawIDToken, accessToken string) (*
if verifyEmail {
var verified bool
exists, err := extractor.GetClaimInto("email_verified", &verified)
_, err := extractor.GetClaimInto("email_verified", &verified)
if err != nil {
return nil, err
}
if exists && !verified {
return nil, fmt.Errorf("email in id_token (%s) isn't verified", ss.Email)
}
// if exists && !verified {
// return nil, fmt.Errorf("email in id_token (%s) isn't verified", ss.Email)
// }
}
return ss, nil
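Review bot: Inside `if verifyEmail {` the code still reads `email_verified` and can fail on a malformed claim, but it no longer rejects an unverified address, so `verifyEmail` being true enforces nothing and `exists` is discarded. oauth2-proxy already has an opt-in for this case, `--insecure-oidc-allow-unverified-email`, and `verifyEmail` presumably derives from it (its computation is outside the hunk); prefer restoring `if exists && !verified {` with its error return and enabling that option only for the providers that need it. If the bypass stays, remove the commented-out lines together with the now-pointless claim lookup, and log when a session is built from an unverified email so the relaxed path can be audited.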