synced with master

2025-03-29 10:46:42 +02:00 · 2025-03-29 10:46:42 +02:00 · c9f39ba167
parent 783a99d7cc e29655aba9
commit c9f39ba167
6 changed files with 18 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,13 @@
 - Minor UI fixes (_removed the superuser fields from the auth record create/update examples, etc._).


+## v0.26.6
+
+- Allow OIDC `email_verified` to be int or boolean string since some OIDC providers like AWS Cognito has non-standard userinfo response ([#6657](https://github.com/pocketbase/pocketbase/pull/6657)).
+
+- Updated `modernc.org/sqlite` to 1.36.3.
+
+
 ## v0.26.5

 - Fixed canonical URI parts escaping when generating the S3 request signature ([#6654](https://github.com/pocketbase/pocketbase/issues/6654)).
--- a/CHANGELOG_16_22.md
+++ b/CHANGELOG_16_22.md
@ -2,6 +2,11 @@
 > For the most recent versions, please refer to [CHANGELOG.md](./CHANGELOG.md)
 ---

+## v0.22.34
+
+- (_Backported from v0.26.6_) Allow OIDC `email_verified` to be int or boolean string since some OIDC providers like AWS Cognito has non-standard userinfo response ([#6657](https://github.com/pocketbase/pocketbase/pull/6657)).
+
+
 ## v0.22.33

 - (_Backported from v0.26.3_) Fixed and normalized logs error serialization across common types for more consistent logs error output ([#6631](https://github.com/pocketbase/pocketbase/issues/6631)).
--- a/go.mod
+++ b/go.mod
@ -21,7 +21,7 @@ require (
 	golang.org/x/net v0.37.0
 	golang.org/x/oauth2 v0.28.0
 	golang.org/x/sync v0.12.0
-	modernc.org/sqlite v1.36.2
+	modernc.org/sqlite v1.36.3
 )

 require (
--- a/go.sum
+++ b/go.sum
@ -130,8 +130,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.36.2 h1:vjcSazuoFve9Wm0IVNHgmJECoOXLZM1KfMXbcX2axHA=
-modernc.org/sqlite v1.36.2/go.mod h1:ADySlx7K4FdY5MaJcEv86hTJ0PjedAloTUuif0YS3ws=
+modernc.org/sqlite v1.36.3 h1:qYMYlFR+rtLDUzuXoST1SDIdEPbX8xzuhdF90WsX1ss=
+modernc.org/sqlite v1.36.3/go.mod h1:ADySlx7K4FdY5MaJcEv86hTJ0PjedAloTUuif0YS3ws=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
--- a/modernc_versions_check.go
+++ b/modernc_versions_check.go
@ -10,7 +10,7 @@ import (
 )

 const (
-	expectedDriverVersion = "v1.36.2"
+	expectedDriverVersion = "v1.36.3"
 	expectedLibcVersion   = "v1.61.13"

 	// ModerncDepsCheckHookId is the id of the hook that performs the modernc.org/* deps checks.
--- a/tools/auth/oidc.go
+++ b/tools/auth/oidc.go
@ -92,7 +92,7 @@ func (p *OIDC) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
 		Username      string `json:"preferred_username"`
 		Picture       string `json:"picture"`
 		Email         string `json:"email"`
-		EmailVerified bool   `json:"email_verified"`
+		EmailVerified any    `json:"email_verified"` // see #6657
 	}{}
 	if err := json.Unmarshal(data, &extracted); err != nil {
 		return nil, err
@ -110,7 +110,7 @@ func (p *OIDC) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {

 	user.Expiry, _ = types.ParseDateTime(token.Expiry)

-	if extracted.EmailVerified {
+	if cast.ToBool(extracted.EmailVerified) {
 		user.Email = extracted.Email
 	}