Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Email address verification should be disabled while using only OpenID Connect #3843

Open
yogeshbeniwal opened this issue Jan 12, 2022 · 2 comments
Open

Email address verification should be disabled while using only OpenID Connect #3843

yogeshbeniwal opened this issue Jan 12, 2022 · 2 comments
Labels
bug

Comments

@yogeshbeniwal
Copy link

Expected behavior:
While using external OpenID Connect/SSO as only authentication method, email verification should not be required. As email verification is handled by external authentication provider.

Actual behavior:
Currently email verification notification is still shown on user profile, though user has verified email on external authentication provider.
@patrickdung
Copy link

I think it needs to check the 'email_verified' claim, because an account exists (email claim) in external provider may not imply it is verified at that end.
Reference URL

@tessalt
Copy link
Contributor

tessalt commented Feb 11, 2022

Hi there, improving the OIDC flow in several ways is in our current backlog, but we don't have a timeline for implementing these improvements yet.

@yogeshbeniwal yogeshbeniwal mentioned this issue Aug 1, 2022
Open
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tessalt @yogeshbeniwal @patrickdung