[Question] Email address marked as unverified with Github auth #2150
Comments
|
Looking at https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/providers/google/provider.py there is a way to make this happen, but loads of providers don't come with a provider-specific setting that lets us say "we know these emails are verified by the very fact that the user was able to grant permissions". For instance, https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/providers/github/provider.py doesn't have any way to say "emails are verified, even if the oauth process doesn't report on that". |
|
You can use `SOCIALACCOUNT_PROVIDER = { "github": { "VERIFIED_EMAIL": True } } to force marking them as verified. |
|
@pennersr is that information in the docs somewhere? If not, can that be added before closing the issue? (information in closed issues basically becomes lost due to how github implements search, so even if it helped us this one time, future folks would still be just as lost as we were) |
|
fantastic, thanks so much. |
tldr; can allauth automatically mark a user's email address as verified after successfully authenticating using Github for the first time?
I noticed that the Github allauth provider does not mark email addresses as verified when creating the
EmailAddressinstance on logging in. Github does not seem to send any data in the OAuth callback indicating that the email has been verified or not. However, according to this documentation on Github, Github accounts with unverified emails are not allowed to authorize OAuth apps.Based on this documentation, can allauth automatically mark a user's email as verified once the user successfully logs in via Github for the first time (without the email verification step since Github already does this)?
The text was updated successfully, but these errors were encountered: