Don't require the 'email' field in the claims data.

AngellusMortis / django_microsoft_auth

Simple app to enable Microsoft Account, Office 365 and Xbox Live authentcation as a Django authentcation backend.

MIT License

137 stars 84 forks source link

Don't require the 'email' field in the claims data. #508

Closed whyscream closed 5 months ago

whyscream commented 1 year ago

In some implementations, the email field isn't returned from the authentication server. In those cases, make something up that will probably be just as stable as the users' email address.

In our current setup, we actually only receive the sub (Microsoft ID), name and preferred_username fields as general usable data for identifying a user. In our Django app, we actually identify the accounts using the Microsoft ID, but we see the need for an e-mail address to create the user.

whyscream commented 1 year ago

Just noticed that https://github.com/AngellusMortis/django_microsoft_auth/issues/234 describes the same issue