adapting unit tests and fixing minor issues introduced with the derefing

Signed-off-by: Jan Larwig <jan@larwig.com>
2025-12-21 23:57:36 +02:00 · 2025-11-07 23:26:00 +01:00
parent 638fba417f
commit 137decb1ec
7 changed files with 103 additions and 50 deletions
--- a/pkg/apis/middleware/session.go
+++ b/pkg/apis/middleware/session.go
@@ -41,7 +41,10 @@ func CreateTokenToSessionFunc(verify VerifyFunc) TokenToSessionFunc {
 			claims.Email = claims.Subject
 		}

-		if !ptr.Deref(claims.Verified, false) {
+		// Ensure email is verified
+		// If the email is not verified, return an error
+		// If the email_verified claim is missing, assume it is verified
+		if !ptr.Deref(claims.Verified, true) {
 			return nil, fmt.Errorf("email in id_token (%s) isn't verified", claims.Email)
 		}