You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OIDC account linking (revert v0.71.11): the relaxed email_verified !== false check introduced in v0.71.11 is replaced with a strict opt-in. The default is restored to email_verified === true required; the new OIDC_TRUST_EMAIL_WITHOUT_VERIFIED_CLAIM=true env var lets admins opt in explicitly for IdPs that omit the claim but only issue verified addresses.
Added
OIDC_TRUST_EMAIL_WITHOUT_VERIFIED_CLAIM env var (opt-in): set to true to allow account linking when the IdP omits the email_verified claim entirely. Only enable this for IdPs fully under your control that never issue unverified email addresses (e.g. older Authentik deployments without an explicit email_verified property mapping).
