Skip to content

Is Pinniped working with unverified e-mails from our OIDC? #1034

Answered by cfryanr
junoriosity asked this question in Q&A
Discussion options

You must be logged in to vote

Hi @junoriosity,

Thanks for the question.

When you define a JWTAuthenticator, Pinniped actually leverages some code from the Kubernetes code base to help implement that feature. You can see it here in the Pinniped source code, where it constructs an object from the Kubernetes API sever library:

oidcAuthenticator, err := oidc.New(oidc.Options{

Inside that Kubernetes library code, there is a check for the email_verified claim. You can see that code here: https://github.com/kubernetes/kubernetes/blob/b435061c80eea02304cfd5affceca001fc67f9ba/staging/src/k8s.io/apiserver/plugin/pkg…

Replies: 2 comments 2 replies

Comment options

You must be logged in to vote
1 reply
@junoriosity
Comment options

Comment options

You must be logged in to vote
1 reply
@junoriosity
Comment options

Answer selected by junoriosity
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
3 participants