Check email_verified in id_token and user_info

2025-07-06 12:35:00 +00:00 · 2025-06-12 15:54:17 +02:00 · 2025-06-12 15:54:17 +02:00 · dcc3511885
commit dcc3511885
parent 1c7ac7beac
1 changed files with 7 additions and 10 deletions
--- a/src/sso.rs
+++ b/src/sso.rs
@ -462,14 +462,11 @@ pub async fn exchange_code(wrapped_code: &str, conn: &mut DbConn) -> ApiResult<U
                }
            };

-            let email = match id_claims.email() {
-                Some(email) => email.to_string(),
-                None => match user_info.email() {
-                    None => err!("Neither id token nor userinfo contained an email"),
-                    Some(email) => email.to_owned().to_string(),
-                },
-            }
-            .to_lowercase();
+            let email = match id_claims.email().or(user_info.email()) {
+                None => err!("Neither id token nor userinfo contained an email"),
+                Some(e) => e.to_string().to_lowercase(),
+            };
+            let email_verified = id_claims.email_verified().or(user_info.email_verified());

            let user_name = user_info.preferred_username().map(|un| un.to_string());

@ -486,7 +483,7 @@ pub async fn exchange_code(wrapped_code: &str, conn: &mut DbConn) -> ApiResult<U
                expires_in: token_response.expires_in(),
                identifier: identifier.clone(),
                email: email.clone(),
-                email_verified: id_claims.email_verified(),
+                email_verified,
                user_name: user_name.clone(),
            };

@ -496,7 +493,7 @@ pub async fn exchange_code(wrapped_code: &str, conn: &mut DbConn) -> ApiResult<U
                state,
                identifier,
                email,
-                email_verified: id_claims.email_verified(),
+                email_verified,
                user_name,
            })
        }