feat(server): support IDPs that only send the userinfo in the ID token (#26717)

Co-authored-by: irouply <irouply@secom.fr>
Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>
Belnadifia
2026-03-13 22:14:45 +01:00
committed by GitHub
parent 10fa928abe
commit 55513cd59f
3 changed files with 54 additions and 5 deletions


@@ -70,7 +70,16 @@ export class OAuthRepository {
try {
const tokens = await authorizationCodeGrant(client, new URL(url), { expectedState, pkceCodeVerifier });
const profile = await fetchUserInfo(client, tokens.access_token, oidc.skipSubjectCheck);
let profile: OAuthProfile;
const tokenClaims = tokens.claims();
if (tokenClaims && 'email' in tokenClaims) {
this.logger.debug('Using ID token claims instead of userinfo endpoint');
profile = tokenClaims as OAuthProfile;
} else {
profile = await fetchUserInfo(client, tokens.access_token, oidc.skipSubjectCheck);
}
if (!profile.sub) {
throw new Error('Unexpected profile response, no `sub`');
}