oAuth (GitHub) email verification #2305

New Issue

Closed

opened 2026-02-05 03:36:40 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-05 03:36:40 +03:00

Owner

Copy Link

Originally created by @ArieLevs on GitHub (Jun 23, 2021).

Describe the bug
I'm not sure if its a bug or expected behavior,
but when setting up oauth vis GitHub and allowing registration the application tries to send a verification email.
I'm not sure why?

Steps To Reproduce
Steps to reproduce the behavior:

1. Setup authentication via GitHub
2. Enable registration so new users can register (for application settings)
3. Click the Don't have an account? on login screen
4. Choose Sign up with GitHub

Expected behavior
If using oAuth email verification should not be enforced.

Screenshots
If applicable, add screenshots to help explain your problem.

Your Configuration (please complete the following information):

• Exact BookStack Version: v0.31.6
• Hosting Method (Nginx/Apache/Docker): Docker

Originally created by @ArieLevs on GitHub (Jun 23, 2021). **Describe the bug** I'm not sure if its a bug or expected behavior, but when setting up oauth vis GitHub and allowing registration the application tries to send a verification email. I'm not sure why? **Steps To Reproduce** Steps to reproduce the behavior: 1. Setup [authentication via GitHub](https://www.bookstackapp.com/docs/admin/third-party-auth/#github) 2. Enable registration so new users can register (for application settings) 3. Click the `Don't have an account?` on login screen 4. Choose `Sign up with GitHub` **Expected behavior** If using oAuth email verification should not be enforced. **Screenshots** If applicable, add screenshots to help explain your problem. **Your Configuration (please complete the following information):** - Exact BookStack Version: v0.31.6 - Hosting Method (Nginx/Apache/Docker): Docker

OVERLORD closed this issue 2026-02-05 03:36:43 +03:00

OVERLORD commented 2026-02-05 03:36:47 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 23, 2021):

Hi @ArieLevs,
Within the settings of your BookStack instance, Are you using the "Domain Restriction" or "Email Confirmation" options at all?

@ssddanbrown commented on GitHub (Jun 23, 2021): Hi @ArieLevs, Within the settings of your BookStack instance, Are you using the "Domain Restriction" or "Email Confirmation" options at all?

OVERLORD commented 2026-02-05 03:36:52 +03:00

Author

Owner

Copy Link

@ArieLevs commented on GitHub (Jun 23, 2021):

Hi @ssddanbrown, yes we use domain restriction (but not email confirmation),
I assume this should of been a feature request instead of a bug issue,
to add "allowed github organizations" or "restrict by GitHub user email".

The behavior is not 100% clear,
if for example I add test.com as restriction, and then try to register with GitHub user that has an email of gmail.com then I get message "The email domain does not have access to this application",
this means that the restriction works as expected,
but because it's a oauth user i'd assume verification would not be needed.

Thanks for the quick response, I'll close this one.

@ArieLevs commented on GitHub (Jun 23, 2021): Hi @ssddanbrown, yes we use domain restriction (but not email confirmation), I assume this should of been a feature request instead of a bug issue, to add "allowed github organizations" or "restrict by GitHub user email". The behavior is not 100% clear, if for example I add `test.com` as restriction, and then try to register with GitHub user that has an email of `gmail.com` then I get message "The email domain does not have access to this application", this means that the restriction works as expected, but because it's a oauth user i'd assume verification would not be needed. Thanks for the quick response, I'll close this one.

OVERLORD commented 2026-02-05 03:36:58 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 23, 2021):

Thanks for confirming @ArieLevs,

It's worth reading the "Automatic Email Confirmation" section of this page: https://www.bookstackapp.com/docs/admin/third-party-auth/

Setting GITHUB_AUTO_CONFIRM_EMAIL=true should mean that GitHub provided email addresses are treated as verified.

@ssddanbrown commented on GitHub (Jun 23, 2021): Thanks for confirming @ArieLevs, It's worth reading the "Automatic Email Confirmation" section of this page: https://www.bookstackapp.com/docs/admin/third-party-auth/ Setting `GITHUB_AUTO_CONFIRM_EMAIL=true` should mean that GitHub provided email addresses are treated as verified.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2305