Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Improve OIDC email verified check #1450

Merged
merged 2 commits into from
Jan 9, 2025
Merged

fix: Improve OIDC email verified check #1450

merged 2 commits into from
Jan 9, 2025

Conversation

adamantike
Copy link
Collaborator

The OIDC email verified check now fails if the email is explicitly unverified, or if the email_verified claim is supported and the email is not explicitly verified.

Previously, the OIDC implementation failed for any OIDC provider that did not include the email_verified claim in the userinfo response. Providers like Synology do not include this claim, so the check always failed with error "Email is not verified."

I haven't found a formal specification for the email_verified claim, and how it should be handled, but this implementation should be more robust and work with more OIDC providers.

Fixes #1446.

@adamantike
fix: Improve OIDC email verified check
7fedaca 
The OIDC email verified check now fails if the email is explicitly
unverified, or if the `email_verified` claim is supported and the email
is not explicitly verified.

Previously, the OIDC implementation failed for any OIDC provider that
did not include the `email_verified` claim in the userinfo response.
Providers like Synology do not include this claim, so the check always
failed with error "Email is not verified."

I haven't found a formal specification for the `email_verified` claim,
and how it should be handled, but this implementation should be more
robust and work with more OIDC providers.

Fixes #1446.
@adamantike adamantike requested a review from gantoine January 9, 2025 03:57
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 9, 2025
edited
Loading

Test Results

93 tests  +2   93 ✅ +2   27s ⏱️ ±0s
 1 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit 8c8cd75. ± Comparison against base commit 415c7a7.

♻️ This comment has been updated with latest results.

gantoine
gantoine approved these changes Jan 9, 2025
View reviewed changes
Copy link
Member

@gantoine gantoine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

@adamantike adamantike merged commit de74688 into master Jan 9, 2025
8 checks passed
@adamantike adamantike deleted the fix/improve-oidc-email-verified-check branch January 9, 2025 04:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gantoine gantoine gantoine approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamantike @gantoine