Fix SAML login (#4037)
* after first login the user is read from the db and hence we need to inspect the `emailVerified` attribute as well. * fixed mapping documentation for SAML, the current mapping is not right and is causing confusionpull/4034/head^2
parent
ad8d0a4e77
commit
1a81459e28
|
@ -18,10 +18,10 @@ This guide explains the settings you need to use to configure SAML with your Ide
|
|||
|
||||
**Mapping Attributes / Attribute Statements:**
|
||||
|
||||
id -> user.id
|
||||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier -> id
|
||||
|
||||
email -> user.email
|
||||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> email
|
||||
|
||||
firstName -> user.firstName
|
||||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname -> firstName
|
||||
|
||||
lastName -> user.lastName
|
||||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> lastName
|
||||
|
|
|
@ -328,7 +328,7 @@ export default NextAuth({
|
|||
if (account.provider === "saml") {
|
||||
idP = IdentityProvider.SAML;
|
||||
}
|
||||
user.email_verified = user.email_verified || profile.email_verified;
|
||||
user.email_verified = user.email_verified || user.emailVerified || profile.email_verified;
|
||||
|
||||
if (!user.email_verified) {
|
||||
return "/auth/error?error=unverified-email";
|
||||
|
|
Loading…
Reference in New Issue