Signing up with Azure AD does not set the user's email
hk-meko opened this issue · 2 comments
hk-meko commented
When using AzureAD for signup/signin, the user's email is not set in the database.
This part of the azuread config is the faulty part. The payload field containing the email is named `upn`; in the config it is `email`:
```js
azuread: {
  grant: {
    oauth: 2,
    scope_delimiter: ' ',
    client_id: process.env.AUTH_PROVIDER_AZUREAD_CLIENT_ID,
    client_secret: process.env.AUTH_PROVIDER_AZUREAD_CLIENT_SECRET,
    authorize_url: `${azureBaseUrl}/[subdomain]/oauth2/authorize`,
    access_url: `${azureBaseUrl}/[subdomain]/oauth2/token`,
    profile_url: `${azureBaseUrl}/[subdomain]/openid/userinfo`,
    subdomain: process.env.AUTH_PROVIDER_AZUREAD_TENANT || 'common',
  },
  profile: ({ jwt }) => {
    const payload = jwt?.id_token?.payload;
    return {
      id: payload.oid,
      displayName: payload.name,
      email: payload.email, // Azure AD's v1.0 id_token has no `email` claim; the address is in `upn`
    };
  },
},
```
Here is a privatized OAuth response from AzureAD:
```json
{
  "id_token": "...",
  "access_token": "...",
  "refresh_token": "...",
  "jwt": {
    "id_token": {
      "header": {
        "typ": "JWT",
        "alg": "none"
      },
      "payload": {
        "aud": "...",
        "iss": "https://sts.windows.net/.../",
        "iat": 1689073876,
        "nbf": 1689073876,
        "exp": 1689077776,
        "amr": [
          "pwd",
          "mfa"
        ],
        "family_name": "Doe",
        "given_name": "John",
        "ipaddr": "12.345.78.912",
        "name": "John Doe",
        "oid": "...",
        "onprem_sid": "...",
        "rh": "...",
        "sub": "...",
        "tid": "...",
        "unique_name": "email@email.com",
        "upn": "email@email.com",
        "ver": "1.0"
      },
      "signature": ""
    }
  },
  "profile": {
    "error": {}
  }
}
```
I hope this can be fixed quickly, with the provided information.
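An added example (not the project's code, nor the reporter's) of a `profile` mapper that resolves the email from the claims Azure AD actually sends: the v1.0 id_token shown above carries the address in `upn` and `unique_name`, while v2.0 tokens use `email` or `preferred_username`. The claim names beyond those visible in the issue and the `looksLikeEmail` guard are assumptions; the mapper only reads the already-decoded payload and relies on the surrounding library to have verified the token.

```javascript
// Claim names checked in order of preference. `preferred_username` is not
// guaranteed to be an email in Azure AD, so every candidate is shape-checked.
const EMAIL_CLAIMS = ['email', 'preferred_username', 'upn', 'unique_name'];

// Minimal email-shape check so a non-email `preferred_username` is skipped.
function looksLikeEmail(value) {
  return typeof value === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
}

// Return the first email-shaped claim from the id_token payload, or null.
function resolveEmail(payload) {
  for (const claim of EMAIL_CLAIMS) {
    if (looksLikeEmail(payload[claim])) return payload[claim];
  }
  return null;
}

// Drop-in replacement for the `profile` function in the azuread config above.
// Fails loudly instead of creating a user record with no stable identifier.
function azureAdProfile({ jwt }) {
  const payload = jwt?.id_token?.payload;
  if (!payload || typeof payload.oid !== 'string') {
    throw new Error('Azure AD id_token payload missing or has no oid');
  }
  return {
    id: payload.oid,
    displayName: payload.name,
    email: resolveEmail(payload), // null (not undefined) when no claim fits
  };
}

// Constructed sample shaped like the redacted v1.0 response in the issue.
const sampleResponse = {
  jwt: { id_token: { payload: {
    oid: 'oid-placeholder', name: 'John Doe',
    unique_name: 'email@email.com', upn: 'email@email.com', ver: '1.0',
  } } },
};

console.log(azureAdProfile(sampleResponse)); // email: 'email@email.com'
```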
dbarrosop commented
Given you have already identified the root cause and are a bit in a hurry here, would you mind opening a PR fixing it? Thanks!
dbarrosop commented
Closing as per the following comment: #405 (comment)