Allow OIDC Bearer Tokens without emails
This reverts to functionality before #499 where an OIDC provider could be used with `--skip-jwt-bearer-tokens` and tokens without an email or profileURL would still be valid. This logic mirrors `middleware.createSessionStateFromBearerToken` which used to be the universal logic before #499.
parent
8515da3e
Please register or sign in to comment