Is email strictly necessary for auth (OIDC)? #6434
-
Hello, Here is my Outline OIDC configuration: OIDC_CLIENT_ID=outline
OIDC_CLIENT_SECRET=XXX
OIDC_AUTH_URI=https://auth.xxx.local/realms/master/protocol/openid-connect/auth
OIDC_TOKEN_URI=https://auth.xxx.local/realms/master/protocol/openid-connect/token
OIDC_USERINFO_URI=https://auth.xxx.local/realms/master/protocol/openid-connect/userinfo
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=Keycloak
OIDC_SCOPES=openid profile When I attempt to log in with my AD user, I encounter the following error: {"error":"An email field was not returned in the profile parameter, but is required.","level":"error","message":"Error during authentication","stack":"UnauthorizedError: An email field was not returned in the profile parameter, but is required.\n at AuthenticationError (/opt/outline/build/server/errors.js:41:34)\n at OAuth2Strategy._verify (/opt/outline/build/plugins/oidc/server/auth/oidc.js:64:47)\n at /opt/outline/node_modules/passport-oauth2/lib/strategy.js:196:24\n at _passportOauth.Strategy.userProfile (/opt/outline/build/plugins/oidc/server/auth/oidc.js:24:12)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"} According to OpenID Connect 1.0, the only required scope is openid. So, my question is: Is email hardcoded in Outline as a required authentication parameter? I did not find any mentions about it in the Outline OIDC configuration documentation. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Yes, it's a requirement on the |
Beta Was this translation helpful? Give feedback.
Yes, it's a requirement on the
User
model to have an email address