From 874bde735dc2b3777a1de51357db3fb6da5989de Mon Sep 17 00:00:00 2001
From: ajarmada
Date: Tue, 16 Dec 2025 12:04:46 -0800
Subject: [PATCH] feat() Allow unverified emails
---
 pkg/apis/middleware/session.go | 7 +++----
 providers/provider_data.go | 8 ++++----
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/pkg/apis/middleware/session.go b/pkg/apis/middleware/session.go
index afa56e9d..d5fca91a 100644
--- a/pkg/apis/middleware/session.go
+++ b/pkg/apis/middleware/session.go
@@ -6,7 +6,6 @@ import (
 "github.com/coreos/go-oidc/v3/oidc"
 sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
- "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util/ptr"
 )
 // TokenToSessionFunc takes a raw ID Token and converts it into a SessionState.
@@ -44,9 +43,9 @@ func CreateTokenToSessionFunc(verify VerifyFunc) TokenToSessionFunc {
 // Ensure email is verified
 // If the email is not verified, return an error
 // If the email_verified claim is missing, assume it is verified
- if !ptr.Deref(claims.Verified, true) {
- return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
- }
+ // if !ptr.Deref(claims.Verified, true) {
+ // return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
+ // }
 newSession := &sessionsapi.SessionState{
 Email: claims.Email,
diff --git a/providers/provider_data.go b/providers/provider_data.go
index 95de5c50..c13012c0 100644
--- a/providers/provider_data.go
+++ b/providers/provider_data.go
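Review bot: In pkg/apis/middleware/session.go (hunk at -44,9), commenting out the `ptr.Deref(claims.Verified, true)` check drops email verification for every caller of CreateTokenToSessionFunc instead of only for deployments that ask for it, so a raw ID token carrying `email_verified: false` now yields a session; the hunk in providers/provider_data.go does the same. Where access decisions are keyed on the email address or its domain, the session's `Email` is then a value the identity provider itself says it has not confirmed. Keep the check and gate it on an explicit opt-in, for example `if !allowUnverified && !ptr.Deref(claims.Verified, true) {` (`allowUnverified` is a suggested name, not an existing parameter), and keep the `ptr` import with it. The three context comments beginning `// Ensure email is verified` now describe behaviour that no longer exists and should change with the code rather than sit above a commented-out block. The closure body continues outside the hunk.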
@@ -274,14 +274,14 @@ func (p *ProviderData) buildSessionFromClaims(rawIDToken, accessToken string) (*
 if verifyEmail {
 var verified bool
- exists, err := extractor.GetClaimInto("email_verified", &verified)
+ _, err := extractor.GetClaimInto("email_verified", &verified)
 if err != nil {
 return nil, err
 }
- if exists && !verified {
- return nil, fmt.Errorf("email in id_token (%s) isn't verified", ss.Email)
- }
+ // if exists && !verified {
+ // return nil, fmt.Errorf("email in id_token (%s) isn't verified", ss.Email)
+ // }
 }
 return ss, nil
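Review bot: With the `exists && !verified` test commented out, the `if verifyEmail {` block in buildSessionFromClaims no longer enforces anything: it reads `email_verified` into `verified`, discards the result, and only returns an error when the claim cannot be extracted. A configuration for which `verifyEmail` is true (it is computed outside the hunk) therefore silently stops rejecting unverified addresses, which is a fail-open change with no log line or setting to reveal it. If unverified emails have to be accepted, drive that through whatever sets `verifyEmail` and leave `if exists && !verified {` in place; otherwise the block is a dead claim lookup and should be removed outright rather than kept as commented-out code. The function's closing brace lies past the end of the hunk.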