Trusted_email using oauth identity provider

ac_james · September 18, 2019, 12:48pm

Hi

We’re using an OAuth authentication\identity provider and it’s working great apart from when the user is redirected back to Indico they are still prompted to verify their email address despite the trusted_email configuration option being set to true. Can anyone tell me if I’m missing something?

    'consumer_key': '123',
    'consumer_secret': '456',
    'request_token_params': {'scope': 'user:email'},
    'base_url': 'https://api.github.com',
    'request_token_url': None,
    'access_token_method': 'POST',
    'access_token_url': 'https://github.com/login/oauth/access_token',
    'authorize_url': 'https://github.com/login/oauth/authorize'
}

# SSO
AUTH_PROVIDERS = {
    'bisa': {
        'type': 'oauth',
        'title': 'BISA',
        'oauth': _github_oauth_config
    }
}

IDENTITY_PROVIDERS = {
    'bisa': {
        'type': 'oauth',
        'oauth': _github_oauth_config,
        'endpoint': '/user',
        'identifier_field': 'id',
        'trusted_email': True,
        'mapping': {
            'user_name': 'login',
            'affiliation': 'company'
        }
    },
}```

ThiefMaster · September 18, 2019, 1:25pm

Did you restart uwsgi after changing the config? Your config looks correct.

bkolobara · September 24, 2019, 9:47am

We are running Indico in development mode inside of Docker. On every container restart it should pick up the new configuration. Maybe this happens because we don’t run Indico behind apache/nginx?

ThiefMaster · September 24, 2019, 9:49am

No in development mode any restart of the dev server should load the latest code. Maybe add some print statement to the code to see if you get the right data from the config… that way you also know if your latest code is being used or not.

ac_james · September 24, 2019, 1:44pm

Facepalm! My identity endpoint wasn’t returning an email, now it does and is working as expected.

Thanks for your help!