As discussed in https://github.com/dexidp/website/pull/176, even when preferredEmailDomain (which was added by https://github.com/dexidp/dex/pull/2740) is set on the GitHub connector, if the user has a public email on their GitHub profile, it will take precedence over any private one which might match the preferredEmailDomain selector.
This is problematic for organizations which want to use the email filter to assign permissions to employees based on their corporate email, as they must tell users to remove any public emails from their profile.
What this PR does / why we need it
Simply makes it so that we always preform an email check when preferredEmailDomain is non empty.
Overview
As discussed in https://github.com/dexidp/website/pull/176, even when
preferredEmailDomain
(which was added by https://github.com/dexidp/dex/pull/2740) is set on the GitHub connector, if the user has a public email on their GitHub profile, it will take precedence over any private one which might match thepreferredEmailDomain
selector.This is problematic for organizations which want to use the email filter to assign permissions to employees based on their corporate email, as they must tell users to remove any public emails from their profile.
What this PR does / why we need it
Simply makes it so that we always preform an email check when
preferredEmailDomain
is non empty.Special notes for your reviewer
N/A