feat: add email verified claim

Stavros
2026-03-04 15:52:31 +02:00
parent 6bf444010b
commit a71f61df8d
2 changed files with 6 additions and 1 deletions


@@ -59,7 +59,7 @@ func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context
SubjectTypesSupported: []string{"pairwise"}, SubjectTypesSupported: []string{"pairwise"},
IDTokenSigningAlgValuesSupported: []string{"RS256"}, IDTokenSigningAlgValuesSupported: []string{"RS256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic", "client_secret_post"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic", "client_secret_post"},
ClaimsSupported: []string{"sub", "updated_at", "name", "preferred_username", "email", "groups"}, ClaimsSupported: []string{"sub", "updated_at", "name", "preferred_username", "email", "email_verified", "groups"},
ServiceDocumentation: "https://tinyauth.app/docs/guides/oidc", ServiceDocumentation: "https://tinyauth.app/docs/guides/oidc",
}) })
} }
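Review bot: Advertising `email_verified` in ClaimsSupported commits this OP to the OIDC Core §5.1 meaning of the claim — that the provider took affirmative steps to verify the address — while the companion hunk in CompileUserinfo sets `userInfo.EmailVerified = true` unconditionally whenever the `email` scope is granted, even when `user.Email` is empty (the `email` claim is then omitted but `email_verified: true` is still emitted). Relying parties routinely auto-link or auto-provision accounts on `email_verified: true`, so presenting an unverified or operator-chosen address as verified is an account-linking risk at every RP, not a cosmetic detail. Until a real verification state exists, either leave the claim out of discovery and the token, or gate it on a per-user/per-source flag and document the current behaviour next to this list, e.g. `// email_verified is currently asserted true for every user by CompileUserinfo; revisit before relying RPs auto-link on it`. Separately, the new struct fields tag a plain `bool` with `omitempty`, so an explicit `email_verified: false` can never be serialised; a `*bool` or dropping `omitempty` will be needed once the value becomes configurable.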


@@ -49,6 +49,7 @@ type ClaimSet struct {
Exp int64 `json:"exp"` Exp int64 `json:"exp"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Email string `json:"email,omitempty"` Email string `json:"email,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
PreferredUsername string `json:"preferred_username,omitempty"` PreferredUsername string `json:"preferred_username,omitempty"`
Groups []string `json:"groups,omitempty"` Groups []string `json:"groups,omitempty"`
Nonce string `json:"nonce,omitempty"` Nonce string `json:"nonce,omitempty"`
@@ -60,6 +61,7 @@ type UserinfoResponse struct {
Email string `json:"email,omitempty"` Email string `json:"email,omitempty"`
PreferredUsername string `json:"preferred_username,omitempty"` PreferredUsername string `json:"preferred_username,omitempty"`
Groups []string `json:"groups,omitempty"` Groups []string `json:"groups,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
UpdatedAt int64 `json:"updated_at"` UpdatedAt int64 `json:"updated_at"`
} }
@@ -388,6 +390,7 @@ func (service *OIDCService) generateIDToken(client config.OIDCClientConfig, user
Exp: expiresAt, Exp: expiresAt,
Name: userInfo.Name, Name: userInfo.Name,
Email: userInfo.Email, Email: userInfo.Email,
EmailVerified: userInfo.EmailVerified,
PreferredUsername: userInfo.PreferredUsername, PreferredUsername: userInfo.PreferredUsername,
Groups: userInfo.Groups, Groups: userInfo.Groups,
Nonce: nonce, Nonce: nonce,
@@ -583,6 +586,8 @@ func (service *OIDCService) CompileUserinfo(user repository.OidcUserinfo, scope
if slices.Contains(scopes, "email") { if slices.Contains(scopes, "email") {
userInfo.Email = user.Email userInfo.Email = user.Email
// We can set this as a configuration option in the future but for now it's a good idea to assume it's true
userInfo.EmailVerified = true
} }
if slices.Contains(scopes, "groups") { if slices.Contains(scopes, "groups") {