OIDCConfig: email not verified

Varamil · March 19, 2025, 8:28am

Hello,
I’m trying to use Gitea to manage authentification on Grist, but I face this error " OIDCConfig: email not verified".

Here is my grist OIDC configuration:

GRIST_OIDC_SP_HOST=http://localhost:8484
GRIST_OIDC_IDP_ISSUER=http://gitea:3000
GRIST_OIDC_IDP_SCOPES=openid profile email
GRIST_OIDC_IDP_CLIENT_ID=id
GRIST_OIDC_IDP_CLIENT_SECRET=secret
GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT=true

And here is the error while trying to connect:

grist | 2025-03-19 07:45:30.991 - debug: Got tokenSet: {
grist | access_token: ‘REDACTED’,
grist | token_type: ‘bearer’,
grist | expires_at: 1742373930,
grist | refresh_token: ‘REDACTED’,
grist | id_token: ‘REDACTED’
grist | }
gitea | 2025/03/19 08:45:31 …eb/routing/logger.go:102:func1() [I] router: completed GET /login/oauth/userinfo for 172.20.0.1:42070, 200 OK i n 15.5ms @ auth/oauth2_provider.go:92(auth.InfoOAuth)
grist | 2025-03-19 07:45:31.019 - debug: Got userinfo: {
grist | sub: ‘1’,
grist | name: ‘USERNAME’,
grist | preferred_username: ‘USERNAME’,
grist | email: ‘username@example.com’,
grist | picture: ‘http://192.168.100.20:3000/avatars/62bb0eeacbca507f2ef1f09fb33b1975’,
grist | groups: null
grist | }
grist | 2025-03-19 07:45:31.021 - error: OIDC callback failed: Error: OIDCConfig: email not verified for username@example.com
grist | at OIDCConfig.handleCallback (/grist/_build/app/server/lib/OIDCConfig.js:192:23)
grist | at process.processTicksAndRejections (node:internal/process/task_queues:105:5)

As everything is hosted locally, I fully control users in Gitea, so I don’t need that email to be verified. Then I understand that a such parameter “OIDCAllowUnverifiedEmail” should be set but I don’t kown how to.

Girst and Gitea are run in docker, last version.

thank you

paul-grist · March 19, 2025, 12:21pm

This looks related:

For your scenario, where you have full control and don’t need verification, setting the environment variable GRIST_OIDC_SP_IGNORE_EMAIL_VERIFIED=true may suffice.

Varamil · March 19, 2025, 12:42pm

Thank you @paul-grist, it looks what I need.

Is there any place where find all environment variables ? Most of them are on the https://github.com/gristlabs/grist-core readme, but for example this one is not present.

I’ll confirm the solution when I can try it.

paul-grist · March 19, 2025, 2:25pm

No, if the aren’t in the README, then they’re just not documented. Sometimes people forget to add them there. You could open an issue on a repo to report that it is missing, or edit the README yourself and do a pull request.

Varamil · March 19, 2025, 5:55pm

Thank you @paul-grist, the solution is working.

I’ve also done a pull request to update the documentation.