sigstore / fulcio

Sigstore OIDC PKI
Apache License 2.0

Added support for email_verified being a string or bool #1744

Closed sabre1041 closed 3 months ago

sabre1041 commented 3 months ago

Summary

Introduces support for the email_verified claim to be either a boolean or a string value.

References https://github.com/sigstore/sigstore/issues/1698

Release Note

codecov[bot] commented 3 months ago

Codecov Report

Attention: Patch coverage is 66.66667% with 4 lines in your changes missing coverage. Please review.

Project coverage is 50.38%. Comparing base (cf238ac) to head (650764e). Report is 153 commits behind head on main.

Files Patch % Lines
pkg/oauthflow/oidc.go 66.66% 4 Missing :warning:
Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1744      +/-   ##
==========================================
- Coverage   57.93%   50.38%   -7.55%
==========================================
  Files          50       70      +20
  Lines        3119     4130    +1011
==========================================
+ Hits         1807     2081     +274
- Misses       1154     1819     +665
- Partials      158      230      +72
```


sabre1041 commented 3 months ago

sigstore/sigstore#1698 (comment) mentions that this would not be spec-compliant. Has there been any attempt to resolve this via the IDP?

This is a limitation (only one of many) of Azure as also mentioned in the referenced issue.

However, there is already some precedent in the library sigstore uses to work around this same limitation:

https://github.com/coreos/go-oidc/blob/v3/oidc/oidc.go#L309
https://github.com/coreos/go-oidc/blob/v3/oidc/oidc.go#L491-L503
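The bool-or-string decoding of `email_verified` that the PR and the comment above describe, written here as an added Go example (not Fulcio's or go-oidc's own code). The `boolOrString` type, the `claims` struct and the `verifiedEmail` helper are assumed names, and the claim sets in the test are constructed; strings that are not a recognised boolean are rejected rather than silently treated as false.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// boolOrString decodes email_verified from either a JSON boolean (the OIDC
// spec form) or a JSON string such as "true" (the form the PR attributes to Azure).
type boolOrString bool

func (b *boolOrString) UnmarshalJSON(data []byte) error {
	var v bool
	if err := json.Unmarshal(data, &v); err == nil { // spec-compliant bool
		*b = boolOrString(v)
		return nil
	}
	var s string // fall back to a quoted string, parsed strictly
	if err := json.Unmarshal(data, &s); err != nil {
		return fmt.Errorf("email_verified: expected bool or string, got %s", data)
	}
	parsed, err := strconv.ParseBool(s)
	if err != nil {
		return fmt.Errorf("email_verified: unrecognised value %q", s)
	}
	*b = boolOrString(parsed)
	return nil
}

// claims is a hypothetical subset of ID-token claims for this example.
type claims struct {
	Email         string       `json:"email"`
	EmailVerified boolOrString `json:"email_verified"`
}

// verifiedEmail returns the email only when the claim set marks it verified;
// a missing claim defaults to false and is therefore rejected.
func verifiedEmail(payload []byte) (string, error) {
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", err
	}
	if !bool(c.EmailVerified) {
		return "", fmt.Errorf("email_verified is not true for %q", c.Email)
	}
	return c.Email, nil
}

func main() { // constructed sample claim set, not a real token
	fmt.Println(verifiedEmail([]byte(`{"email":"a@example.com","email_verified":"true"}`)))
}
```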

sabre1041 commented 3 months ago

@haydentherapper thanks a bunch!

There's a similar change incoming for https://github.com/sigstore/sigstore that will be submitted soon.