Open qrkourier opened 2 months ago
I guess I'll have to add a stripping option in the username generation, but that may cause some security issues with similar but different usernames. Maybe the stripping will remain an opt-in feature.
In the meantime, could you set the username claim field to be "sub" or something?
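The collision risk mentioned above, shown as an added example that is not part of this thread or of the plugin's code: stripping rejected characters maps distinct `sub` values to the same username, while a reversible escape keeps them distinct. The character policy, the function names and the sample `sub` values are assumptions constructed for illustration, and usernames are assumed to be compared case-sensitively.

```python
import re
from collections import defaultdict

# Assumed username policy for this example, NOT Jellyfin's real validation rule.
STRIP_KEEP = re.compile(r"[A-Za-z0-9._-]")
# The escaping mapper reserves "_" as its escape marker, so "_" is not passed through.
ESCAPE_KEEP = re.compile(r"[A-Za-z0-9.-]")

# Constructed sample `sub` values (not taken from real tokens).
SAMPLE_SUBS = [
    "google-oauth2|1029384756",
    "google-oauth21029384756",
    "auth0|alice",
    "auth0|al|ice",
    "windowslive|abc_def",
]

def strip_username(sub):
    """Lossy mapping: silently drop every character the policy rejects."""
    return "".join(ch for ch in sub if STRIP_KEEP.fullmatch(ch))

def escape_username(sub):
    """Injective mapping: each rejected UTF-8 byte becomes '_' plus two hex digits."""
    out = []
    for ch in sub:
        if ESCAPE_KEEP.fullmatch(ch):
            out.append(ch)
        else:
            out.extend("_%02x" % b for b in ch.encode("utf-8"))
    return "".join(out)

def unescape_username(name):
    """Inverse of escape_username; its existence is what rules out collisions."""
    raw = re.sub(rb"_([0-9a-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 name.encode("ascii"))
    return raw.decode("utf-8")

def collisions(mapper, subs):
    """Return {username: [subs]} for every username shared by more than one sub."""
    seen = defaultdict(set)
    for sub in subs:
        seen[mapper(sub)].add(sub)
    return {name: sorted(group) for name, group in seen.items() if len(group) > 1}

if __name__ == "__main__":
    print("strip :", collisions(strip_username, SAMPLE_SUBS))
    print("escape:", collisions(escape_username, SAMPLE_SUBS))
```
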
Possibly so! I'm learning how to OpenID Connect and gaining familiarity with claims. Tokens obtained via Auth0 for Google, Microsoft, Amazon, and Apple do have an `email` claim, and it's the `sub` claim that contains the pipe `|` character. It might be sufficient for (most) IdP to configure the Jellyfin SSO plugin to use `email`. Perhaps I overlooked a step or option in the configuration. I understand things slightly better now than at the time I raised the bug report.
Facebook requires progressive profiling, at least in certain cases, it seems. When I authenticate to FB via Auth0 I never get an `email` claim in the token, only `sub`, and yet others have been unable to reproduce this, saying they are able to get an `email` claim from FB. :shrug: I reasoned it could be because I had restricted email sharing in my FB privacy settings, but I can reproduce it with those relaxed and with a separate test account without any restrictions. It remains a mystery. Here's the Immich issue where I was investigating and documenting the FB via Auth0 issue.
Still, getting this working with Auth0 for Google, Microsoft, Amazon, and Apple would be plenty of login options for my case, so I'm not too hung up on getting Facebook working.
See https://github.com/9p4/jellyfin-plugin-sso/issues/204#issuecomment-2296832132 for more context
Describe the bug
Successful authN results in error while creating Jellyfin user because the username contains a pipe `|` character. I encountered the same issue with several OpenID Connect providers through Auth0: Google, Microsoft, Amazon, and Apple.
To Reproduce
/sso/OID/redirect/auth0
Expected behavior
I expected the Jellyfin user to be created with preferred_username claim
Configuration
Versions (please complete the following information):
Additional context