Open winston-yallow opened 8 months ago
To be clear, it is possible to manually check session['oidc_auth_profile']['email_verified']
, but the proposal would integrate this better into a typical flask workflow.
Yeah, it sounds reasonable, could you write the PR? I'll review it.
It seems like there is no way to enforce email verification since
OIDC_REQUIRE_VERIFIED_EMAIL
was deprecated.I propose to add a decorator
require_verified_email()
that only grants access if the mail is verified.