Description
We've been having issues with onboarding users via AzureAD OIDC configuration which results in this error:
Line 225 in adcf883
When testing `openid profile email`, by default an `id_token` comes back with the following:

```json
{
  ...
  "name": "JV2 User",
  "preferred_username": "[email protected]",
  ...
}
```
I have to manually add the email address field to the user in the AzureAD portal for this to come back:

```json
{
  ...
  "email": "[email protected]",
  "name": "JV2 User",
  "preferred_username": "[email protected]",
  ...
}
```
I'm just wondering if it should fall back to using the `preferred_username` email address component if `email` is not there?
Interesting note at: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#v10-and-v20-optional-claims-set
> This value is included by default if the user is a guest in the tenant. For managed users (the users inside the tenant), it must be requested through this optional claim or, on v2.0 only, with the OpenID scope. This value isn't guaranteed to be correct, and is mutable over time - never use it for authorization or to save data for a user. For more information, see Validate the user has permission to access this data. If you require an addressable email address in your app, request this data from the user directly, using this claim as a suggestion or pre-fill in your UX.
This is curious as I would have thought CoderV1 would have had similar issues?
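As an added example (not Coder's own code), here is a Go claim resolver that implements the fallback asked about above, with two defensive caveats that follow from the quoted Microsoft note: it refuses Azure AD guest UPNs (which contain `#EXT#` and are not deliverable addresses) and treats `sub`, not the email, as the stable account key. The `IDTokenClaims` type, the `sub` claim and the sample values are assumptions; only `email`, `name` and `preferred_username` appear in the tokens above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/mail"
	"strings"
)

// IDTokenClaims is the subset of ID token claims this example reads. "sub" is
// the stable per-user identifier and is what an account should be linked to;
// the Microsoft note quoted above says "email" is mutable and not authoritative.
type IDTokenClaims struct {
	Sub               string `json:"sub"`
	Name              string `json:"name"`
	Email             string `json:"email"`
	PreferredUsername string `json:"preferred_username"`
}

// ParseClaims decodes the claims object of an ID token whose signature,
// issuer and audience have already been verified by the OIDC library.
func ParseClaims(raw string) (IDTokenClaims, error) {
	var c IDTokenClaims
	err := json.Unmarshal([]byte(raw), &c)
	return c, err
}

// ResolveEmail prefers the "email" claim and falls back to "preferred_username"
// only if that value parses as an RFC 5322 address and is not an Azure AD guest
// UPN (those contain "#EXT#"). fromUPN reports whether the fallback was taken
// so the caller can log it; the caller should still key the account on Sub.
func ResolveEmail(c IDTokenClaims) (email string, fromUPN bool, err error) {
	if addr, perr := mail.ParseAddress(c.Email); perr == nil {
		return strings.ToLower(addr.Address), false, nil
	}
	if !strings.Contains(c.PreferredUsername, "#EXT#") {
		if addr, perr := mail.ParseAddress(c.PreferredUsername); perr == nil {
			return strings.ToLower(addr.Address), true, nil
		}
	}
	return "", false, fmt.Errorf("no usable email claim for sub %q", c.Sub)
}

func main() {
	// Constructed sample modelled on the first token in the issue: no "email" claim.
	c, _ := ParseClaims(`{"sub":"abc123","name":"JV2 User","preferred_username":"jv2.user@example.com"}`)
	email, fromUPN, err := ResolveEmail(c)
	fmt.Println(email, fromUPN, err) // jv2.user@example.com true <nil>
}
```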