Enforce a verified email via OIDC auth
Problem
The OIDC protocol allows for a claim email_verified. This proves that the user has verified their email in accordance with this federated partner's requirements (typically, this is the user clicking a link from their inbox). When FusionAuth is the SP, sometimes you only want to allow federation and user creation for users that have proven they have verified their email and own their email address.
Solution
We should offer an IdP configuration that prevents automatic linking and user creation unless this claim is present.
linking-strategies
Alternatives/workarounds
Manually create a user link using our Link API to only link once a user has a verified email address or meets other requirements.
This will only work if the IdP in question uses the email_verified claim when they are the IdP and FusionAuth is the SP.
Internal - 73727
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
Related
email_verified is present and is false #2423
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
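Added example, not FusionAuth code and not part of the original issue: a sketch of the gate requested above, deciding whether to link, create or reject from the claims of an ID token whose signature, issuer, audience and expiry are assumed to be validated already. The names `decide`, `email_is_verified` and `Decision`, linking by matching email address, and the opt-in for a string-valued claim are all assumptions made for illustration.

```python
from enum import Enum


class Decision(Enum):
    LINK_EXISTING = "link_existing"
    CREATE_USER = "create_user"
    REJECT = "reject"


def email_is_verified(claims, accept_string_true=False):
    """Only JSON boolean true counts; absent, false, null, 1 and "true" do not.

    accept_string_true is an opt-in for an IdP known to send the value as a string.
    """
    value = claims.get("email_verified")
    if value is True:
        return True
    if accept_string_true and isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def decide(claims, local_emails, require_verified=True, accept_string_true=False):
    """Return (Decision, reason) for claims from an already validated ID token."""
    email = claims.get("email")
    if not isinstance(email, str) or "@" not in email:
        return Decision.REJECT, "no usable email claim"
    if require_verified and not email_is_verified(claims, accept_string_true):
        state = repr(claims["email_verified"]) if "email_verified" in claims else "absent"
        return Decision.REJECT, f"email_verified is {state}"
    if email.lower() in {e.lower() for e in local_emails}:
        return Decision.LINK_EXISTING, "email matches a local user"
    return Decision.CREATE_USER, "no local user with this email"


# Constructed sample data: one local account and four ID token payloads.
LOCAL = {"alice@example.com"}
SAMPLES = [
    {"sub": "idp-1", "email": "alice@example.com", "email_verified": True},
    {"sub": "idp-2", "email": "alice@example.com", "email_verified": False},
    {"sub": "idp-3", "email": "alice@example.com"},
    {"sub": "idp-4", "email": "bob@example.com", "email_verified": "true"},
]

if __name__ == "__main__":
    for claims in SAMPLES:
        decision, reason = decide(claims, LOCAL)
        print(claims["sub"], decision.value, "-", reason)
```

With the gate on, the payloads where the claim is false, absent or a string are rejected before any link or user is created; only the boolean `true` payload is linked to the existing account.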