diff --git a/server/src/repositories/oauth.repository.ts b/server/src/repositories/oauth.repository.ts
index 85263cd647..29e6ffbb52 100644
--- a/server/src/repositories/oauth.repository.ts
+++ b/server/src/repositories/oauth.repository.ts
@@ -43,7 +43,12 @@ export class OAuthRepository {
 const params = client.callbackParams(url);
 try {
 const tokens = await client.callback(redirectUrl, params, { state: params.state });
- return await client.userinfo(tokens.access_token || '');
+ const profile = await client.userinfo(tokens.access_token || '');
+ if (!profile.sub) {
+ throw new Error('Unexpected profile response, no `sub`');
+ }
+
+ return profile;
 } catch (error: Error | any) {
 if (error.message.includes('unexpected JWT alg received')) {
 this.logger.warn(
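Review bot: The new `if (!profile.sub)` guard only checks that a subject is present; it does not check that the UserInfo `sub` equals the `sub` of the ID token returned by `client.callback`, which OpenID Connect Core requires before UserInfo claims are trusted. If `client` is an openid-client `Client` (the method names and the 'unexpected JWT alg received' message suggest so), passing the token set instead of the bare string, `const profile = await client.userinfo(tokens);`, should make the library perform that comparison and also reject a missing access token rather than sending an empty bearer value via `tokens.access_token || ''`. The throw sits inside the `try`, so it passes through the `catch` whose body continues outside the hunk; confirm it is rethrown there and not swallowed.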