Detecting if a user's email address is verified

Howdy!

I’m working on a “Login with GitLab.com” feature for https://clojars.org, and have a question about verified email addresses. The OAuth application requests the read_user scope. With the token I get with that scope, I can call the /v4/user API endpoint and use the email attribute (the primary email) in that response to find the user on my side and log them in. That works well.

However, the user’s email on my side may not be their primary email in their GitLab.com account, but may be a secondary email. I can use that token to call /v4/user/emails to get a list of the secondary emails, but that list includes all secondary emails, verified or no, with no indication of verification status. Using the id from the email list and calling /v4/user/emails/<id> gives no additional information.

Is there a way with read_user scope to get the verification status of the secondary emails? Without that, I can’t use any of the secondary emails as user identities.

Thanks!

  • Toby
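
The matching rule described in the post, as an added example that is not part of the original post or Clojars' code: log in only on the primary `email` from `/v4/user`, and treat a match on an entry from `/v4/user/emails` as unproven ownership. The `local_accounts` store, the `Decision` names and the sample data are assumptions made for illustration.

```python
from enum import Enum


class Decision(Enum):
    LOGIN = "login"                  # primary email matches a local account
    UNVERIFIED_MATCH = "unverified"  # only a secondary email matches
    NO_MATCH = "no_match"


def normalize(addr):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return addr.strip().lower()


def resolve_identity(user_response, emails_response, local_accounts):
    """Decide whether a GitLab login may be mapped to a local account.

    user_response   -- parsed JSON from /v4/user (its `email` attribute is used)
    emails_response -- parsed JSON list from /v4/user/emails
    local_accounts  -- dict of normalized email -> local username
                       (hypothetical stand-in for the site's user store)
    """
    primary = user_response.get("email")
    if primary and normalize(primary) in local_accounts:
        return Decision.LOGIN, local_accounts[normalize(primary)]

    # The secondary list carries no verification status, so a match here
    # proves nothing about ownership. Report it, but never return the
    # local username and never log the user in on this basis.
    for entry in emails_response:
        addr = entry.get("email")
        if addr and normalize(addr) in local_accounts:
            return Decision.UNVERIFIED_MATCH, None

    return Decision.NO_MATCH, None


# Constructed sample data (not real API output).
LOCAL = {"alice@example.org": "alice", "old@example.org": "legacy"}
USER = {"id": 1, "email": "Alice@Example.org"}
EMAILS = [{"id": 10, "email": "old@example.org"}]
```
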