Is email strictly necessary for auth (OIDC)?

[uriinf]

Hello,
I am using a standalone Outline installation and attempting to set up OIDC authentication via Keycloak. Keycloak has AD LDAP user federation enabled. My AD users do not have an email configured, so only the username is provided by LDAP/Keycloak.

Here is my Outline OIDC configuration:

OIDC_CLIENT_ID=outline
OIDC_CLIENT_SECRET=XXX
OIDC_AUTH_URI=https://auth.xxx.local/realms/master/protocol/openid-connect/auth
OIDC_TOKEN_URI=https://auth.xxx.local/realms/master/protocol/openid-connect/token
OIDC_USERINFO_URI=https://auth.xxx.local/realms/master/protocol/openid-connect/userinfo
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=Keycloak
OIDC_SCOPES=openid profile

When I attempt to log in with my AD user, I encounter the following error:

{"error":"An email field was not returned in the profile parameter, but is required.","level":"error","message":"Error during authentication","stack":"UnauthorizedError: An email field was not returned in the profile parameter, but is required.\n    at AuthenticationError (/opt/outline/build/server/errors.js:41:34)\n    at OAuth2Strategy._verify (/opt/outline/build/plugins/oidc/server/auth/oidc.js:64:47)\n    at /opt/outline/node_modules/passport-oauth2/lib/strategy.js:196:24\n    at _passportOauth.Strategy.userProfile (/opt/outline/build/plugins/oidc/server/auth/oidc.js:24:12)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"}

According to OpenID Connect 1.0, the only required scope is openid. So, my question is: Is email hardcoded in Outline as a required authentication parameter? I did not find any mentions about it in the Outline OIDC configuration documentation.

[tommoor]

Is email hardcoded in Outline as a required authentication parameter?

Yes, it's a requirement on the User model to have an email address