-
Christian Franke authored
Not all id providers allow authentication clients to use the email scope. This is especially true under GDPR, when the email is not needed by the authentication client to provide its services. The only usage of the email field in `get_or_create_user` is to print a debug message if an unknown user tries to authenticate and automatic account creation is disabled. By abstracting this access by moving it into a new method `describe_user_by_claims`, authentication clients which identify users by other claims (e.g. `sub`), can now do so without having to duplicate large parts of the `get_or_create_user` methods when subclassing `OIDCAuthenticationBackend`.
14b16df2