add use_unverified_email setting to the config

2025-11-10 01:20:58 +01:00 · 2025-11-05 13:08:35 -05:00 · 2025-11-05 13:08:35 -05:00 · e119053cc8
commit e119053cc8
parent b1a90b9ed0
1 changed files with 12 additions and 0 deletions
--- a/config-example.yaml
+++ b/config-example.yaml
@ -361,6 +361,18 @@ unix_socket_permission: "0770"
 #   # required "openid" scope.
 #   scope: ["openid", "profile", "email"]
 #
+#   # Enable this setting to accept the user's email address regardless
+#   # if "email_verified: true" is sent by identity provider.
+#   #
+#   # By default, "email_verified: true" must appear in claims or user info
+#   # before Headscale will accept the principal's email address as the user
+#   # account is created after successful authentication.
+#   #
+#   # This setting is useful when claims and their mapping can't be controlled,
+#   # such as when using Cloudflare One-time pin for authentication.
+#
+#   use_unverified_email: false
+#
 #   # Provide custom key/value pairs which get sent to the identity provider's
 #   # authorization endpoint.
 #   extra_params: