fix: review feedback

feat: add nonce claim support to oidc server
2026-03-05 06:12:03 +00:00 · 2026-03-04 15:30:48 +02:00 · 2026-03-03 23:13:09 +02:00
2 changed files with 1 additions and 6 deletions
--- a/internal/controller/well_known_controller.go
+++ b/internal/controller/well_known_controller.go
@@ -59,7 +59,7 @@ func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context
 		SubjectTypesSupported:             []string{"pairwise"},
 		IDTokenSigningAlgValuesSupported:  []string{"RS256"},
 		TokenEndpointAuthMethodsSupported: []string{"client_secret_basic", "client_secret_post"},
-		ClaimsSupported:                   []string{"sub", "updated_at", "name", "preferred_username", "email", "email_verified", "groups"},
+		ClaimsSupported:                   []string{"sub", "updated_at", "name", "preferred_username", "email", "groups"},
 		ServiceDocumentation:              "https://tinyauth.app/docs/guides/oidc",
 	})
 }
--- a/internal/service/oidc_service.go
+++ b/internal/service/oidc_service.go
@@ -49,7 +49,6 @@ type ClaimSet struct {
 	Exp               int64    `json:"exp"`
 	Name              string   `json:"name,omitempty"`
 	Email             string   `json:"email,omitempty"`
-	EmailVerified     bool     `json:"email_verified,omitempty"`
 	PreferredUsername string   `json:"preferred_username,omitempty"`
 	Groups            []string `json:"groups,omitempty"`
 	Nonce             string   `json:"nonce,omitempty"`
@@ -61,7 +60,6 @@ type UserinfoResponse struct {
 	Email             string   `json:"email,omitempty"`
 	PreferredUsername string   `json:"preferred_username,omitempty"`
 	Groups            []string `json:"groups,omitempty"`
-	EmailVerified     bool     `json:"email_verified,omitempty"`
 	UpdatedAt         int64    `json:"updated_at"`
 }

@@ -390,7 +388,6 @@ func (service *OIDCService) generateIDToken(client config.OIDCClientConfig, user
 		Exp:               expiresAt,
 		Name:              userInfo.Name,
 		Email:             userInfo.Email,
-		EmailVerified:     userInfo.EmailVerified,
 		PreferredUsername: userInfo.PreferredUsername,
 		Groups:            userInfo.Groups,
 		Nonce:             nonce,
@@ -586,8 +583,6 @@ func (service *OIDCService) CompileUserinfo(user repository.OidcUserinfo, scope

 	if slices.Contains(scopes, "email") {
 		userInfo.Email = user.Email
-		// We can set this as a configuration option in the future but for now it's a good idea to assume it's true
-		userInfo.EmailVerified = true
 	}

 	if slices.Contains(scopes, "groups") {
Author	SHA1	Message	Date
Stavros	dbc7b10254	fix: review feedback	2026-03-04 15:30:48 +02:00
Stavros	ec8121499c	feat: add nonce claim support to oidc server	2026-03-03 23:13:09 +02:00