From 3addeb132c279a360c1fca27470d3cf2361aea21 Mon Sep 17 00:00:00 2001
From: Michail Chatzipanagiotou <chtzmike@gmail.com>
Date: Sun, 31 Aug 2025 14:19:44 +0200
Subject: [PATCH] feature: remove email requirement from identity provider on
 env value true

---
 .../discord/DiscordIdentityProvider.java      | 35 +++++++++++++------
 .../DiscordIdentityProviderConfig.java        |  6 ++--
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java b/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
index b14fc3e..55769da 100755
--- a/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
+++ b/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
@@ -46,6 +46,7 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
     public static final String PROFILE_URL = "https://discord.com/api/users/@me";
     public static final String GROUP_URL = "https://discord.com/api/users/@me/guilds";
     public static final String DEFAULT_SCOPE = "identify email";
+    public static final String IDENTIFY_ONLY_SCOPE = "identify";
     public static final String GUILDS_SCOPE = "guilds";
 
     public DiscordIdentityProvider(KeycloakSession session, DiscordIdentityProviderConfig config) {
@@ -67,17 +68,19 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
 
     @Override
     protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode profile) {
-        BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"), getConfig());
+        final BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"), getConfig());
 
         String username = getJsonProperty(profile, "username");
-        String discriminator = getJsonProperty(profile, "discriminator");
+        final String discriminator = getJsonProperty(profile, "discriminator");
 
         if (!"0".equals(discriminator)) {
             username += "#" + discriminator;
         }
 
         user.setUsername(username);
-        user.setEmail(getJsonProperty(profile, "email"));
+        if (getConfig().getDefaultScope().contains("email")) {
+            user.setEmail(getJsonProperty(profile, "email"));
+        }
         user.setIdp(this);
 
         AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
@@ -88,7 +91,7 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
     @Override
     protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
         log.debug("doGetFederatedIdentity()");
-        JsonNode profile = null;
+        JsonNode profile;
         try {
             profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
         } catch (Exception e) {
@@ -105,14 +108,16 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
 
     protected boolean isAllowedGuild(String accessToken) {
         try {
-            JsonNode guilds = SimpleHttp.doGet(GROUP_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
-            Set<String> allowedGuilds = getConfig().getAllowedGuildsAsSet();
+            final JsonNode guilds = SimpleHttp.doGet(GROUP_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
+            final Set<String> allowedGuilds = getConfig().getAllowedGuildsAsSet();
+
             for (JsonNode guild : guilds) {
                 String guildId = getJsonProperty(guild, "id");
                 if (allowedGuilds.contains(guildId)) {
                     return true;
                 }
             }
+
             return false;
         } catch (Exception e) {
             throw new IdentityBrokerException("Could not obtain guilds the current user is a member of from discord.", e);
@@ -121,10 +126,18 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
 
     @Override
     protected String getDefaultScopes() {
-        if (getConfig().hasAllowedGuilds()) {
-            return DEFAULT_SCOPE + " " + GUILDS_SCOPE;
-        } else {
-            return DEFAULT_SCOPE;
-        }
+        final StringBuilder defaultScope = new StringBuilder();
+
+        if ("true".equalsIgnoreCase(System.getenv("KEYCLOAK_DISCORD_AUTH_SKIP_EMAIL")))
+            defaultScope.append(IDENTIFY_ONLY_SCOPE + " ");
+        else
+            defaultScope.append(DEFAULT_SCOPE + " ");
+
+        if (getConfig().hasAllowedGuilds())
+            defaultScope.append(GUILDS_SCOPE + " ");
+
+        //can be expanded with any other conditional scopes in the future
+
+        return defaultScope.toString();
     }
 }
diff --git a/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java b/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
index 099a989..1e5a0b1 100755
--- a/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
+++ b/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
@@ -46,14 +46,14 @@ public class DiscordIdentityProviderConfig extends OAuth2IdentityProviderConfig
     }
 
     public boolean hasAllowedGuilds() {
-        String guilds = getConfig().get("allowedGuilds");
+        final String guilds = getConfig().get("allowedGuilds");
         return guilds != null && !guilds.trim().isEmpty();
     }
 
     public Set<String> getAllowedGuildsAsSet() {
         if (hasAllowedGuilds()) {
-            String guilds = getConfig().get("allowedGuilds");
-            return Arrays.stream(guilds.split(",")).map(x -> x.trim()).collect(Collectors.toSet());
+            final String guilds = getConfig().get("allowedGuilds");
+            return Arrays.stream(guilds.split(",")).map(String::trim).collect(Collectors.toSet());
         }
         return Collections.emptySet();
     }