512cb3169e
If you have an oidc connector configured *and* that IDP provides thin tokens (e.g. okta) then the majority of the requested claims come in the getUserInfo call (such as email_verified). So if getUserInfo is configured it should be run before claims are validated. |
||
---|---|---|
.. | ||
oidc.go | ||
oidc_test.go |