Skip to content

Fix/OIDC issues#116

Merged
Anyesh merged 12 commits into
mainfrom
fix/oidc-issues
Jun 26, 2026
Merged

Fix/OIDC issues#116
Anyesh merged 12 commits into
mainfrom
fix/oidc-issues

Conversation

@Anyesh

@Anyesh Anyesh commented Jun 25, 2026

Copy link
Copy Markdown
Owner

Description

Related Issue

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Refactoring (no functional changes)
  • CI/CD or build changes

Checklist

  • I have read the CONTRIBUTING guide
  • My code follows the project's coding style
  • I have added tests that prove my fix/feature works
  • New and existing tests pass locally
  • I have updated documentation as needed
  • My changes don't introduce new warnings or errors

Testing

Test Environment

  • Docker Compose
  • Kubernetes
  • Local development

Tests Performed

Screenshots (if applicable)

Additional Notes

Anyesh added 12 commits June 26, 2026 08:37
Accept null email in UserSyncRequest and derive it from the validated
ID token, so providers that omit the email claim get a clear 400
instead of a Pydantic 422. Add OIDC_CA_BUNDLE setting so the backend
can trust internal CAs without disabling TLS verification.
Authelia (and other providers) include email only in the userinfo
endpoint, not the ID token. Profile callback now falls back to the
userinfo endpoint using the access token when email is missing.
Adds docker-compose.oidc-test.yml and testing/authelia/ fixtures to
spin up a real Authelia instance for validating the null-email and
CA bundle fixes end-to-end. Includes a local CA, server cert, test
users (alice: no email, bob: with email), and Authelia config.
@types/node@24 requires TypeScript 5.8+ and pulls in web-globals
(fetch, streams, events) that duplicate DOM lib declarations.
The frontend uses TypeScript 5.3.3, which is incompatible.
Lost when lockfile was regenerated. npm 10 (Node 20 CI) requires
these optional entries to be present or it fails npm ci.
@Anyesh Anyesh merged commit ccfa97f into main Jun 26, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant