From d3de0a096f5116a5f3ea938fb8d45889b073e8e8 Mon Sep 17 00:00:00 2001
From: Mohammed Noureldin
Date: Fri, 14 Jun 2024 21:05:15 +0200
Subject: [PATCH] Add validations and default values

Throw readable exception if the user does not have an email address. Do not fail if the user does not belong to any group.
---
 oidc_extended/callback.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/oidc_extended/callback.py b/oidc_extended/callback.py
index 541f5a8..ba8652b 100644
--- a/oidc_extended/callback.py
+++ b/oidc_extended/callback.py
@@ -67,11 +67,16 @@ def custom(code: str, state: str | dict):
 id_token = jwt.decode(token_response["id_token"], audience="erpnext", options={"verify_signature": False})
 username = id_token[user_id_claim_name]
- email = id_token[email_claim_name]
+
+ if email_claim_name in id_token:
+ email = id_token[email_claim_name]
+ else:
+ frappe.msgprint("The user must have an email address.", raise_exception=True)
+
 first_name = id_token.get(given_name_claim_name, "No first name")
 last_name = id_token.get(family_name_claim_name, "No last name")
 # The groups the user have as received in the token.
- groups = id_token[groups_claim_name]
+ groups = id_token.get(groups_claim_name, "")
 frappe.logger().debug(f"Groups of user {username}: {groups}")
 # Creates the user if does not exsit, otherwise updates the data according to the claims of the token.
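Review bot: The new email check only tests that the claim key is present, so a token carrying an empty or null email value still passes and reaches the user-creation code below; `email = id_token.get(email_claim_name)` followed by `if not email: frappe.throw("The user must have an email address.")` covers both cases. The `groups` fallback is `""`, a string, while the claim is presumably a list, so `groups = id_token.get(groups_claim_name) or []` would keep the type consistent for whatever consumes it later (not visible here). Both values are read from a token decoded with `options={"verify_signature": False}` on the context line above, so these checks validate shape only, not authenticity. That is defensible only if the ID token is always fetched directly from the provider's token endpoint over verified TLS, and a comment stating that assumption next to the decode call would help the next reader. The body of `custom` starts and ends outside the hunk.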