fix #404 Azure not storing users email #405
Thanks for the PR, my only concern is that the docs say this:
Not sure if we should validate the value and return an error if it's not an email. |
You are right, but if I see it correctly there is already a validation set up. |
good catch! |
Reading more about this, I am not an Azure AD expert but I am thinking this may not be correct. The UPN doesn't seem to be the email and googling around a bit you should be able to ask for the email claim: https://stackoverflow.com/questions/65128383/cant-get-email-claim-in-access-token-in-azure-ad |
You guys are right, working with the AD admins, we found you need to add the 'Microsoft Graph email' API permission, as well as including it as an optional claim in the id token as stated here and described here. |
Thanks! closing PR and issue, feel free to re-open if needed. |
Could be considered: adding the info to the docs in the future. |
Stack Overflow (https://stackoverflow.com/a/49679604) suggests email can be mapped to different fields based on which Azure subscription the company has:

In my case Azure AD is sending the email in two places:

1. preferred_username
2. upn

Can you provide options for developers to map the email address via configuration? Or maybe fall back with:

```js
return {
  id: payload.oid,
  displayName: payload.name,
  email: payload.email ?? payload.preferred_username ?? payload.upn
};
```
|
Fixes #404
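
A configurable version of the claim mapping discussed in this thread, written as an added example that is not part of the PR or the project's code; `pickEmail`, `mapAzureProfile` and the `emailClaims` option are hypothetical names, and the payloads are constructed. It tries the claims in a configured order, skips values that are empty or not email-shaped (which a plain `??` chain would accept), and keeps `oid` as the account identifier.

```javascript
// Hypothetical helper names; not the project's API.
const DEFAULT_EMAIL_CLAIMS = ['email', 'preferred_username', 'upn'];

// Deliberately simple shape check: one "@", no whitespace, a dot in the domain.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Return the first claim (in configured order) holding an email-shaped string.
function pickEmail(payload, claimOrder = DEFAULT_EMAIL_CLAIMS) {
  for (const claim of claimOrder) {
    const value = payload[claim];
    if (typeof value === 'string' && EMAIL_SHAPE.test(value.trim())) {
      return { email: value.trim(), source: claim };
    }
  }
  return null;
}

// Map a decoded Azure AD id token payload to a user record.
function mapAzureProfile(payload, options = {}) {
  // oid is the stable per-tenant object id; the email is only a contact
  // attribute here and is never used as the account key.
  if (typeof payload.oid !== 'string' || payload.oid === '') {
    throw new Error('id token has no oid claim');
  }
  const order = options.emailClaims || DEFAULT_EMAIL_CLAIMS;
  const picked = pickEmail(payload, order);
  if (!picked) {
    throw new Error('no email-shaped value in claims: ' + order.join(', '));
  }
  return {
    id: payload.oid,
    displayName: payload.name,
    email: picked.email,
    emailSource: picked.source, // recorded so logs show which claim was trusted
  };
}

// Constructed sample payloads (not real tokens).
const withEmailClaim = { oid: 'oid-1', name: 'Ada', email: 'ada@example.com', upn: 'ada@corp.example.com' };
// email is an empty string and preferred_username is a phone number, so only upn qualifies.
const upnOnly = { oid: 'oid-2', name: 'Bob', email: '', preferred_username: '+15550100', upn: 'bob@corp.example.com' };
const noEmail = { oid: 'oid-3', name: 'Eve', preferred_username: 'eve' };

console.log(mapAzureProfile(withEmailClaim));
console.log(mapAzureProfile(upnOnly));
console.log(pickEmail(noEmail)); // null: the caller decides whether to reject the login
```

Passing `{ emailClaims: ['email'] }` restricts the mapping to the optional `email` claim that the thread's resolution configures, so a tenant without that claim fails loudly instead of silently storing a UPN.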