I’m working on a “Login with GitLab.com” feature for https://clojars.org, and have a question about verified email addresses. The OAuth application requests the
read_user scope. With the token I get with that scope, I can call the
/v4/user API endpoint and use the
However, the user’s email on my side may not be their primary email in their GitLab.com account, but may be a secondary email. I can use that token to call
/v4/user/emails to get a list of the secondary emails, but that list includes all secondary emails, verified or no, with no indication of verification status. Using the id from the email list and calling
/v4/user/emails/<id> gives no additional information.
Is there a way with
read_user scope to get the verification status of the secondary emails? Without that, I can’t use any of the secondary emails as user identities.