Add OpenIdEmailVerification enum to OpenIdConfig

sea-snake · sea-snake · commit 6a0e8743dd33 · 2026-02-26T14:47:00.000+01:00
diff --git a/src/internet_identity/internet_identity.did b/src/internet_identity/internet_identity.did
@@ -364,6 +364,11 @@ type Aud = text;
 type JWT = text;
 type Salt = blob;
 
+type OpenIdEmailVerification = variant {
+    Google;
+    Microsoft;
+};
+
 type OpenIdConfig = record {
     name : text;
     logo : text;
@@ -373,6 +378,7 @@ type OpenIdConfig = record {
     auth_uri : text;
     auth_scope : vec text;
     fedcm_uri : opt text;
+    email_verification : opt OpenIdEmailVerification;
 };
 
 type OpenIdCredentialKey = record { Iss; Sub };
diff --git a/src/internet_identity/src/openid.rs b/src/internet_identity/src/openid.rs
@@ -12,8 +12,8 @@ use internet_identity_interface::internet_identity::types::openid::{
     OpenIdCredentialAddError, OpenIdDelegationError,
 };
 use internet_identity_interface::internet_identity::types::{
-    AnchorNumber, Delegation, EmailVerification, IdRegFinishError, MetadataEntryV2, OpenIdConfig,
-    PublicKey, SessionKey, SignedDelegation, Timestamp, UserKey,
+    AnchorNumber, Delegation, IdRegFinishError, MetadataEntryV2, OpenIdConfig,
+    OpenIdEmailVerification, PublicKey, SessionKey, SignedDelegation, Timestamp, UserKey,
 };
 use serde_bytes::ByteBuf;
 use sha2::{Digest, Sha256};
@@ -184,7 +184,7 @@ impl OpenIdCredential {
 pub trait OpenIdProvider {
     fn issuer(&self) -> String;
 
-    fn email_verification(&self) -> Option<EmailVerification>;
+    fn email_verification(&self) -> Option<OpenIdEmailVerification>;
 
     /// Verify JWT and bound nonce with salt, return `OpenIdCredential` if successful
     ///
@@ -289,12 +289,12 @@ pub fn get_all_claims(claims_bytes: &[u8], keys: Vec<String>) -> Vec<(String, St
 
 /// Get the verified email from metadata if it passes the provider's verification requirements.
 pub fn get_verified_email(
-    verification: &EmailVerification,
+    verification: &OpenIdEmailVerification,
     metadata: &HashMap<String, MetadataEntryV2>,
 ) -> Option<String> {
     match verification {
-        EmailVerification::Google => get_google_verified_email(metadata),
-        EmailVerification::Microsoft => get_microsoft_verified_email(metadata),
+        OpenIdEmailVerification::Google => get_google_verified_email(metadata),
+        OpenIdEmailVerification::Microsoft => get_microsoft_verified_email(metadata),
     }
 }
 
@@ -401,7 +401,7 @@ impl OpenIdProvider for ExampleProvider {
         "https://example.com".into()
     }
 
-    fn email_verification(&self) -> Option<EmailVerification> {
+    fn email_verification(&self) -> Option<OpenIdEmailVerification> {
         None
     }
 
@@ -603,7 +603,7 @@ impl OpenIdProvider for ExamplePlaceholderProvider {
         "https://login.microsoftonline.com/{tid}/v2.0".into()
     }
 
-    fn email_verification(&self) -> Option<EmailVerification> {
+    fn email_verification(&self) -> Option<OpenIdEmailVerification> {
         None
     }
 
diff --git a/src/internet_identity/src/openid/generic.rs b/src/internet_identity/src/openid/generic.rs
@@ -19,7 +19,7 @@ use identity_jose::jws::{
     VerificationInput,
 };
 use internet_identity_interface::internet_identity::types::{
-    EmailVerification, MetadataEntryV2, OpenIdConfig,
+    MetadataEntryV2, OpenIdConfig, OpenIdEmailVerification,
 };
 use rsa::{Pkcs1v15Sign, RsaPublicKey};
 use serde::Serialize;
@@ -103,15 +103,15 @@ pub struct Provider {
     client_id: String,
     issuer: String,
     certs: Rc<RefCell<Vec<Jwk>>>,
-    email_verification: Option<EmailVerification>,
+    email_verification: Option<OpenIdEmailVerification>,
 }
 
 impl OpenIdProvider for Provider {
     fn issuer(&self) -> String {
         self.issuer.clone()
     }
 
-    fn email_verification(&self) -> Option<EmailVerification> {
+    fn email_verification(&self) -> Option<OpenIdEmailVerification> {
         self.email_verification.clone()
     }
 
diff --git a/src/internet_identity_interface/src/internet_identity/types.rs b/src/internet_identity_interface/src/internet_identity/types.rs
@@ -356,10 +356,8 @@ pub enum DeployArchiveResult {
 }
 
 #[derive(Clone, Debug, CandidType, Deserialize, Eq, PartialEq)]
-pub enum EmailVerification {
-    #[serde(rename = "google")]
+pub enum OpenIdEmailVerification {
     Google,
-    #[serde(rename = "microsoft")]
     Microsoft,
 }
 
@@ -373,7 +371,7 @@ pub struct OpenIdConfig {
     pub auth_uri: String,
     pub auth_scope: Vec<String>,
     pub fedcm_uri: Option<String>,
-    pub email_verification: Option<EmailVerification>,
+    pub email_verification: Option<OpenIdEmailVerification>,
 }
 
 pub enum AuthorizationKey {

Original file line number	Diff line number	Diff line change
`@@ -356,10 +356,8 @@ pub enum DeployArchiveResult {`
`356`	`356`	`}`
`357`	`357`
`358`	`358`	`#[derive(Clone, Debug, CandidType, Deserialize, Eq, PartialEq)]`
`359`		`-pub enum EmailVerification {`
`360`		`- #[serde(rename = "google")]`
	`359`	`+pub enum OpenIdEmailVerification {`
`361`	`360`	`Google,`
`362`		`- #[serde(rename = "microsoft")]`
`363`	`361`	`Microsoft,`
`364`	`362`	`}`
`365`	`363`
`@@ -373,7 +371,7 @@ pub struct OpenIdConfig {`
`373`	`371`	`pub auth_uri: String,`
`374`	`372`	`pub auth_scope: Vec<String>,`
`375`	`373`	`pub fedcm_uri: Option<String>,`
`376`		`- pub email_verification: Option<EmailVerification>,`
	`374`	`+ pub email_verification: Option<OpenIdEmailVerification>,`
`377`	`375`	`}`
`378`	`376`
`379`	`377`	`pub enum AuthorizationKey {`