fix: fixed an issue where OIDC login consistently used a synthetic email address

Glorhop
2026-03-14 14:45:43 +00:00
parent 02a66a01c3
commit 8e1a7bdfff
2 changed files with 23 additions and 1 deletions


@@ -306,7 +306,7 @@ func (h *AuthHandler) OIDCOAuthCallback(c *gin.Context) {
}
identityKey := oidcIdentityKey(issuer, subject)
email := oidcSyntheticEmailFromIdentityKey(identityKey)
email := oidcSelectLoginEmail(userInfoClaims.Email, idClaims.Email, identityKey)
username := firstNonEmpty(
userInfoClaims.Username,
idClaims.PreferredUsername,
@@ -831,6 +831,14 @@ func oidcSyntheticEmailFromIdentityKey(identityKey string) string {
return "oidc-" + hex.EncodeToString(sum[:16]) + service.OIDCConnectSyntheticEmailDomain
}
func oidcSelectLoginEmail(userInfoEmail, idTokenEmail, identityKey string) string {
email := strings.TrimSpace(firstNonEmpty(userInfoEmail, idTokenEmail))
if email != "" {
return email
}
return oidcSyntheticEmailFromIdentityKey(identityKey)
}
func oidcFallbackUsername(subject string) string {
subject = strings.TrimSpace(subject)
if subject == "" {
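Review bot: `oidcSelectLoginEmail` takes the `email` claim from the userinfo response or the ID token as the login email with no check that the provider verified it, so the account email becomes a value the end user may be able to set at the IdP. If the rest of `OIDCOAuthCallback` (outside this hunk) looks up or links local accounts by email, an unverified address matching an existing user would be an account-takeover path; I would gate on the standard `email_verified` claim and otherwise keep the synthetic address, for example `if email != "" && emailVerified { return email }` with `emailVerified` added as a new parameter filled from the claims. The helper should also refuse a claimed address ending in `service.OIDCConnectSyntheticEmailDomain`, since that namespace is meant to hold only addresses derived from `identityKey`. Separately, `strings.TrimSpace` runs after `firstNonEmpty`, so a whitespace-only userinfo email may hide a usable ID-token email unless `firstNonEmpty` already trims its arguments.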