
The subject field used in the JWT causes unknown error when using Microsoft AD / OIDC #51

@jonsage

Description


Microsoft AD/OIDC will not return the email claim even if the email scope is requested.

On line 339 the cookie is set with a signed JSON Web Token containing a subject field that requires decodedToken.payload.email; however, when that email claim is not present the code 500 errors with no details.

Switching to decodedToken.payload.unique_name fixes the problem when using Microsoft AD; however, whether this is a breaking change for other providers I don't know.

I would like to see a more dynamic way to get the subject for the JWT, or at least extra documentation pointing out this potential issue.

In my code I have replaced any decodedToken.payload.email with getSubject(decodedToken) and added the following function to the bottom of my auth.js file:

```js
// getSubject returns a unique identifier suitable for the subject field
function getSubject(decodedToken) {
  return decodedToken.payload.email || decodedToken.payload.unique_name;
}
```
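A fuller version of the fallback idea, added here as an example and not code from the issue author or the project: it resolves the subject from a prioritized list of claims, ignores claims that are present but empty or not strings, and throws an error naming the claims it tried, so a missing claim is diagnosable instead of surfacing as a bare 500. The default claim order and the sample payloads are constructed for this example.

```javascript
// Default claim order: standard `email` first, then Microsoft AD's `unique_name`
// (the two claims discussed in the issue). Callers can pass their own order.
const DEFAULT_SUBJECT_CLAIMS = ['email', 'unique_name'];

// Returns the first non-empty string claim from `claimOrder` in the decoded
// token's payload. Throws a descriptive Error when the payload is missing or
// none of the candidate claims is usable.
function getSubject(decodedToken, claimOrder = DEFAULT_SUBJECT_CLAIMS) {
  const payload = decodedToken && decodedToken.payload;
  if (!payload || typeof payload !== 'object') {
    throw new Error('getSubject: decoded token has no payload');
  }
  for (const claim of claimOrder) {
    const value = payload[claim];
    // Only accept non-empty strings; an empty email or a numeric value
    // must not silently become the cookie's subject.
    if (typeof value === 'string' && value.trim() !== '') {
      return value;
    }
  }
  throw new Error(
    `getSubject: none of the claims [${claimOrder.join(', ')}] present in token payload`
  );
}

// Constructed sample payloads (not real tokens) covering the cases above.
const emailProviderToken = { payload: { email: 'alice@example.com' } };
const microsoftAdToken = { payload: { unique_name: 'alice@contoso.example' } };
const emptyEmailToken = { payload: { email: '', unique_name: 'bob@contoso.example' } };
const noIdentityToken = { payload: { iss: 'https://issuer.example' } };

// Wraps getSubject so a caller can log the reason instead of crashing the request.
function resolveSubject(decodedToken, claimOrder) {
  try {
    return { ok: true, subject: getSubject(decodedToken, claimOrder) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}
```

`resolveSubject` is what the cookie-setting code would call, returning the failure reason to the request handler's logging rather than letting the exception produce an opaque 500.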
