From 6204ff351c241f5ad77aa645ec365e1167260f72 Mon Sep 17 00:00:00 2001
From: Akhil Narang <me@akhilnarang.dev>
Date: Tue, 23 Dec 2025 18:14:15 +0530
Subject: [PATCH] fix(oauth): convert email to lowercase

All user emails are stored as lowercase, but OAuth provider could have it in mixed case.
We pass the email as-is to LoginManager, which could result in a session with an incorrect email.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---
 frappe/utils/oauth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/frappe/utils/oauth.py b/frappe/utils/oauth.py
index 28b30fa403..d35c8ac2b2 100644
--- a/frappe/utils/oauth.py
+++ b/frappe/utils/oauth.py
@@ -213,7 +213,9 @@ def login_oauth_user(
 		frappe.respond_as_web_page(_("Invalid Request"), _("Token is missing"), http_status_code=417)
 		return
 
-	user = get_email(data)
+	# All user emails are stored as lowercase, but OAuth provider could have it in mixed case.
+	# We pass the email as-is to LoginManager, which could result in a session with an incorrect email.
+	user = get_email(data).lower()
 
 	if not user:
 		frappe.respond_as_web_page(