stale-queen-97584
02/13/2022, 10:11 PM
oidc.gitlab.jsonnet. Is there an example of how this should be implemented in the values file? identity schema In the values.yml. Is it possible they have to go somewhere else? I would love an example in the Helm docs
"oidc.gitlab.jsonnet": |
  // Default email_verified to false when GitLab does not send the claim.
  local claims = {
    email_verified: false
  } + std.extVar('claims');

  {
    identity: {
      traits: {
        // Allowing unverified email addresses enables account
        // enumeration attacks, especially if the value is used for
        // e.g. verification or as a password login identifier.
        //
        // Therefore we only return the email if it (a) exists and (b) is marked verified
        // by GitLab.
        [if "email" in claims && claims.email_verified then "email" else null]: claims.email,
      },
    },
  }