Bug #13553

open

Relax type check of claim "email_verified" in parseClaims in OidcProcess::handleResponse

Added by Stephan Kaiser 2 days ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
Start date: 02/20/2025
Due date:
% Done: 0%
Estimated time:

Description

LinkedIn implemented their OIDC service to return the email_verified claim as a string value "true".

When OidcProcess::handleResponse receives and processes such a token where the claim email_verified is not stored as a boolean value true but instead as a string value "true" (or "false"), a TypeError exception is generated and the token processing is aborted.

There are two possible issues:

1: The authenticated signal is never triggered. I guess that this is not the intention, but I'm not too well versed in the internals of OidcService to be sure. At the moment, this might leave the process object alive.

2: I think the TypeError exception could be avoided by changing this line:

bool emailVerified = claims.get("email_verified").orIfNull(false);

into:

bool emailVerified = claims.get("email_verified").toBool().orIfNull(false);

Json::Value::toBool() seems to safely attempt a conversion to a string value and checks for "true" and "false".

At the moment, I see no solution other than patching my Wt sources.
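The following is an added, self-contained C++ illustration of the two behaviours discussed in this report; it is not Wt code and does not use Wt's Json::Value. It models a parsed claim with a hypothetical std::variant type and contrasts a strict reader (only a JSON boolean is accepted, so a string "true" aborts processing much like the TypeError described above) with a relaxed reader that also accepts the strings "true" and "false". Any other representation is deliberately treated as "not verified" so that a lenient parser still fails closed on the email_verified claim.

```cpp
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>
#include <variant>

// Hypothetical stand-in for a parsed JSON claim value (not Wt's Json::Value).
using ClaimValue = std::variant<std::monostate, bool, long long, double, std::string>;
using Claims = std::map<std::string, ClaimValue>;

// Strict interpretation: only a JSON boolean is accepted. A string "true" makes
// this throw, mirroring the TypeError the report describes.
bool strictClaimToBool(const Claims& claims, const std::string& key, bool fallback) {
    auto it = claims.find(key);
    if (it == claims.end() || std::holds_alternative<std::monostate>(it->second))
        return fallback;                      // absent or null: orIfNull-style default
    if (auto b = std::get_if<bool>(&it->second))
        return *b;
    throw std::runtime_error("claim '" + key + "' is not a boolean");
}

// Relaxed interpretation: accept a JSON boolean or the exact strings
// "true"/"false". Numbers or any other string are treated as "not verified"
// instead of aborting token processing, so the result fails closed.
bool relaxedClaimToBool(const Claims& claims, const std::string& key, bool fallback) {
    auto it = claims.find(key);
    if (it == claims.end() || std::holds_alternative<std::monostate>(it->second))
        return fallback;
    if (auto b = std::get_if<bool>(&it->second))
        return *b;
    if (auto s = std::get_if<std::string>(&it->second)) {
        if (*s == "true")  return true;
        if (*s == "false") return false;
    }
    return false;                             // unrecognised representation: never grant "verified"
}

// Constructed sample claim sets (not real tokens).
Claims boolClaims()    { return {{"email", std::string("a@example.com")}, {"email_verified", true}}; }
Claims stringClaims()  { return {{"email", std::string("a@example.com")}, {"email_verified", std::string("true")}}; }
Claims missingClaims() { return {{"email", std::string("a@example.com")}}; }
Claims junkClaims()    { return {{"email", std::string("a@example.com")}, {"email_verified", std::string("yes")}}; }

int main() {
    std::cout << "bool true   -> " << relaxedClaimToBool(boolClaims(),    "email_verified", false) << '\n';
    std::cout << "string true -> " << relaxedClaimToBool(stringClaims(),  "email_verified", false) << '\n';
    std::cout << "missing     -> " << relaxedClaimToBool(missingClaims(), "email_verified", false) << '\n';
    std::cout << "string yes  -> " << relaxedClaimToBool(junkClaims(),    "email_verified", false) << '\n';
    try {
        strictClaimToBool(stringClaims(), "email_verified", false);
    } catch (const std::runtime_error& e) {
        std::cout << "strict reader rejected string claim: " << e.what() << '\n';
    }
    return 0;
}
```

The relaxed reader is the behaviour the report asks for; the point of keeping the strict reader beside it is that the only safe direction for a lenient coercion of email_verified is towards false, since a provider that sends an unexpected value should never end up with a verified address by accident.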
