- Issue created by @colan
- Status changed to Closed: duplicate
almost 2 years ago 9:05pm 26 January 2023 - 🇵🇹Portugal jcnventura
That checkbox only applies when creating a user via the standard Drupal process. I'm assuming that for this scenario you are allowing users to be created by the OpenID Connect module. The module trusts the IDP to have verified the user. If you don't trust the IDP, please don't allow it to create users.
If Auth0 supports a email_verified, it seems to me obvious that the the Auth0 plugin should not allow users to login email_verified set to FALSE. Seems to be a bug in the Auth0 plugin that should be fixed there.
- 🇵🇹Portugal jcnventura
That checkbox only applies when creating a user via the standard Drupal process. I'm assuming that for this scenario you are allowing users to be created by the OpenID Connect module. The module trusts the IDP to have verified the user. If you don't trust the IDP, please don't allow it to create users.
If Auth0 supports a email_verified, it seems to me obvious that the the Auth0 plugin should not allow users to login email_verified set to FALSE. Seems to be a bug in the Auth0 plugin that should be fixed there.
- Status changed to Active
almost 2 years ago 9:49pm 26 January 2023 - 🇨🇦Canada colan Toronto 🇨🇦
If there are no other IDPs that operate like this (I have no idea), then you have a point. Let's keep this as a follow-up issue though, and get that one in first.
- Status changed to Postponed
almost 2 years ago 10:39pm 26 January 2023 - 🇵🇹Portugal jcnventura
OK. In any case the module doesn't have Auth0 support yet. Once it does, we can unblock this.
- Status changed to Closed: duplicate
almost 2 years ago 5:43pm 27 January 2023 - 🇨🇦Canada colan Toronto 🇨🇦
Configuring this at the IDP is actually trivial so I simply added docs for this on the Auth0 form, which is now in ✨ Add native support for Auth0 Needs review . So there's no coding necessary here.