Add email and email_verified claims to OAuth ID tokens (!35468) · Merge requests · GitLab.org / GitLab

André Hänsel requested to merge AndreKR/gitlab:add-email-to-oidc-id-token into master Jun 26, 2020

This adds the "email" and "email_verified" claims to OAuth ID tokens.

This is to support OpenID Connect clients that expect the email address in the ID token instead of the UserInfo endpoint.

Note that the claims are added to the ID token regardless of whether the email scope is granted or not. This is currently a limitation of the doorkeeper-openid_connect gem, see claims_builder.rb

Closes #21560 (closed)

Edited Jul 08, 2020 by Markus Koller

Add email and email_verified claims to OAuth ID tokens

Merge request reports