search

dexidp / dex

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
https://dexidp.io
Apache License 2.0
9.2k stars 1.67k forks source link

fix: always retrieve github emails when `preferredEmailDomain` is set #3584

Open thesuperzapper opened 2 weeks ago

thesuperzapper commented 2 weeks ago

Overview

As discussed in https://github.com/dexidp/website/pull/176, even when preferredEmailDomain (which was added by https://github.com/dexidp/dex/pull/2740) is set on the GitHub connector, if the user has a public email on their GitHub profile, it will take precedence over any private one which might match the preferredEmailDomain selector.

This is problematic for organizations which want to use the email filter to assign permissions to employees based on their corporate email, as they must tell users to remove any public emails from their profile.

What this PR does / why we need it

Simply makes it so that we always preform an email check when preferredEmailDomain is non empty.

Special notes for your reviewer

N/A

thesuperzapper commented 11 hours ago

@nabokihms any chance this will be merged?