Email address verification should be disabled while using only OpenID Connect

Open yogeshbeniwal opened this issue 3 years ago • 2 comments

Expected behavior: While using external OpenID Connect/SSO as the only authentication method, email verification should not be required, as email verification is handled by the external authentication provider.

Actual behavior: Currently the email verification notification is still shown on the user profile, though the user has verified their email on the external authentication provider.

yogeshbeniwal, Jan 12 '22 11:01

I think it needs to check the 'email_verified' claim, because an account existing (email claim) in the external provider may not imply it is verified at that end. Reference URL

patrickdung, Jan 13 '22 05:01
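
The check suggested in the comment above, as an added example that is not part of the original thread or of the project's code. It assumes `claims` comes from an ID token whose signature, issuer and audience were already validated; `email_from_claims` and `EmailDecision` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class EmailDecision:
    email: Optional[str]   # address taken from the 'email' claim, if usable
    verified: bool         # True only when the provider vouches for it
    reason: str            # short explanation, suitable for an audit log


def _as_bool(value):
    """OIDC Core defines email_verified as a JSON boolean. Some providers
    send the strings "true"/"false" instead; anything else is rejected."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return None


def email_from_claims(claims: dict) -> EmailDecision:
    """Decide whether the local 'verify your email' step can be skipped."""
    email = claims.get("email")
    if not isinstance(email, str) or "@" not in email:
        return EmailDecision(None, False, "no usable email claim")
    flag = _as_bool(claims.get("email_verified"))
    if flag is None:
        # Fail closed: a missing claim is not proof of verification.
        return EmailDecision(email, False, "email_verified missing or malformed")
    if not flag:
        return EmailDecision(email, False, "provider reports email unverified")
    return EmailDecision(email, True, "provider reports email verified")


if __name__ == "__main__":
    # Constructed sample claims, not taken from any real provider.
    samples = [
        {"sub": "u1", "email": "a@example.test", "email_verified": True},
        {"sub": "u2", "email": "b@example.test"},
        {"sub": "u3", "email": "c@example.test", "email_verified": "true"},
        {"sub": "u4", "email": "d@example.test", "email_verified": 1},
    ]
    for s in samples:
        print(s["sub"], email_from_claims(s))
```

Only the first and third samples skip local verification; a missing or non-boolean claim falls back to the application's own email check.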

Hi there, improving the OIDC flow in several ways is in our current backlog, but we don't have a timeline for implementing these improvements yet.

tessalt, Feb 11 '22 17:02