Login with Office 365: Email not verified

Signing in with Office 365 works if I comment out these lines from frappe/frappe/utils/oauth.py:

if not (info.get("verified_email") or info.get("verified")):
	frappe.throw(_("Email not verified with {0}").format(provider.title()))

After further investigation, it doesn’t seem that Microsoft sends a claim called “verified_email” or “verified” in their ID Token:
https://docs.microsoft.com/en-au/azure/active-directory/develop/id-tokens#payload-claims

If I print out the ID Token during the sign-in process to my ERPNext instance, I see the following:

{
  "upn":"dirk@xxxxx.co.za",
  "family_name":"van der Laarse",
  "sub":"xxxxxxxxxxxxxxxxxxxxxxxxxx",
  "uti":"xxxxxxxxxxxxxxx-xxxxx",
  "ver":"1.0",
  "aud":"xxxx-xxx-xxxx-xxxx-xxxxxxxx",
  "iss":"https://sts.windows.net/xxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxx/",
  "oid":"xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
  "ipaddr":"xxx.x.x.xxx",
  "unique_name":"dirk@xxxx.co.za",
  "given_name":"xxxx",
  "exp":1554844213,
  "tid":"xxxxxxxx-xxxx-xxx-xxxx-xxxxx",
  "iat":1554840313,
  "amr":[
    "pwd"
  ],
  "nbf":xxxxxxxxx,
  "name":"xxxxxxxxxxxxxx"
}

Which confirms that there isn’t a “verified” key to check. I’ll raise an issue for this.

3 Likes
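
An added example, not part of the original post and not Frappe's code: one way to keep the verification check for providers that send a flag while accepting a flagless Microsoft token only from a pinned tenant, instead of commenting the check out for every provider. The function name, the provider key `office_365`, the tenant allow-list and the sample claims are hypothetical, and the sketch assumes the ID token's signature, `iss` and `aud` were already validated.

```python
# Added illustration; all names here are hypothetical, not Frappe's API.

# Flags checked by the snippet quoted in the post.
FLAG_CLAIMS = ("verified_email", "verified")

# Constructed placeholder: tenant IDs ("tid") the site operator controls.
# Assumption: accounts in these tenants are provisioned by the operator,
# so their "upn" is treated as a trusted address.
TRUSTED_TENANTS = {"office_365": {"00000000-0000-0000-0000-000000000001"}}


def email_is_verified(provider, info, trusted_tenants=TRUSTED_TENANTS):
    """Return (ok, reason) for the decoded claims in `info`.

    Assumes signature, issuer and audience checks have already passed.
    """
    present = [c for c in FLAG_CLAIMS if c in info]
    if present:
        # The provider sends a flag: honour it, never fall through.
        if any(info[c] is True for c in present):
            return True, "provider asserted verification"
        return False, "provider flag present but not true"

    # No flag at all (the Microsoft token shown in the post).
    tenants = trusted_tenants.get(provider)
    if not tenants:
        return False, "no flag and no tenant allow-list for provider"
    if info.get("tid") not in tenants:
        return False, "token issued for an untrusted tenant"
    if not (info.get("upn") or info.get("unique_name")):
        return False, "no user principal name in token"
    return True, "flagless token from a pinned tenant"


if __name__ == "__main__":
    # Constructed sample claims shaped like the token in the post.
    sample = {"upn": "user@example.test", "ver": "1.0",
              "tid": "00000000-0000-0000-0000-000000000001"}
    print(email_is_verified("office_365", sample))
    print(email_is_verified("office_365", dict(sample, tid="other-tenant")))
    print(email_is_verified("google", {"verified_email": True}))
```
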