Authenticate with Oauth2 apis that do not return an email

[nadiamoe]

Hi there!

I'm trying to set up a wiki.js installation using a Mastodon server as an authentication backend. However, the Mastodon API does not return the user's email, for privacy reasons.

Understandably, wiki.js refuses to accept as an email something that is not an email:

I would like to understand better this limitation: What does wiki.js use emails for, exactly? Are they used as unique IDs, or must they be valid email addresses capable of receiving emails?

If the former, would it be possible to skip this validation for certain authentication strategies? Or perhaps to allow specifying some kind of template to "coerce" an unique ID returned by the API into an email address? Something like:

Looking forward to hear whether you think my use case makes sense 😄

[nadiamoe]

I have hacked together a proxy that injects a fake email to Mastodon's verify_credentials response: https://github.com/roobre/mastodon-api-proxy

This is a hopefully temporary hack though. I think it would be great to know more abut whether what I'm doing makes sense, and whether it would be something interesting to incorporate into wiki.js directly instead of adding one more moving piece to the mix.

[luketeam5]

I'm curious if anyone has discovered an alternative to using a fake email address for this. I was a bit taken aback by the requirement for an email, as I would like to use Roblox OAuth2, which won't ever provide an e-mail. I'd really appreciate any suggestions for streamlining the process.

[aoisensi]

Maybe Wiki.js use email address for git connection.
Git commit need some emails address.
I dont want collect users email address, so I want Wiki.js create dummy address when register without email.
I want to use Steam as my only means of login.

[luketeam5]

Hm, but Git can use the fallback e-mail in the case an fake e-mail is given.