oauth2-proxy: Can't login with user without email (Keycloak provider)

We have a use case where we want to allow users defined in Keycloak to log in to a website after a successful login, and we use OAuth2 Proxy for that. The issue is that those users are defined without email addresses in Keycloak, and OAuth2 Proxy reports an error because of that.

Expected Behavior

I expect that it is possible to log in for users that do not have an email defined in Keycloak.

Current Behavior

As of now, OAuth2 Proxy reports a 403 error:

403 Permission Denied Invalid Account

With the following line in the logs: 172.17.0.1:40206 - - [2020/09/08 10:19:38] [AuthFailure] Invalid authentication via OAuth2: unauthorized

Possible Solution

Introduce some kind of option/flag to allow email-less users to log in, and modify the email validator code (https://github.com/oauth2-proxy/oauth2-proxy/blob/d69fd6af22751974364e35cc697f9eaaaef160d3/validator.go#L90) to treat empty emails as valid.

Steps to Reproduce (for bugs)

  1. Set up an example realm and client in Keycloak following the OAuth2 Proxy guide/docs.
  2. Create an explicit user in Keycloak and DO NOT fill in the email field for him.
  3. Configure OAuth2 Proxy with the Keycloak provider as described in the guide.
  4. Try to log in as the user created in step 2.
  5. You’ll see the 403 Permission Denied error page.

Your Environment

  • Version used: v6.1.1

Code references

Error log source: https://github.com/oauth2-proxy/oauth2-proxy/blob/73f00944861f223a5d66206f56c606d1a71cdd1b/oauthproxy.go#L817

Validator login for empty email: https://github.com/oauth2-proxy/oauth2-proxy/blob/d69fd6af22751974364e35cc697f9eaaaef160d3/validator.go#L90

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 17 (6 by maintainers)

Most upvoted comments

Ok, with --oidc-email-claim set to sub, it works!
Anyway, this is a workaround.
I think a real solution is necessary. Thanks.
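Added example (not oauth2-proxy's own code): a simplified Go model of the validator.go check discussed in the issue and of the `--oidc-email-claim` selection, showing why an email-less Keycloak user is rejected and why pointing the claim at `sub` passes. The `Claims` type, `EmailFromClaims`, `NewValidator` and the sample claims are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Claims models the decoded ID token / userinfo claims from Keycloak.
type Claims map[string]interface{}
// EmailFromClaims mimics --oidc-email-claim: read the named claim as a
// string, yielding "" when absent (a Keycloak user created without email).
func EmailFromClaims(claims Claims, emailClaim string) string {
	v, _ := claims[emailClaim].(string)
	return v
}
// NewValidator is a simplified model (not the project's code) of the
// validator.go check: an empty email is always rejected; otherwise the
// address must be in the explicit list or match an allowed domain ("*" = any).
func NewValidator(domains, allowedEmails []string) func(string) bool {
	allowAll := false
	allowed := map[string]bool{}
	for _, d := range domains {
		allowAll = allowAll || d == "*"
	}
	for _, e := range allowedEmails {
		allowed[strings.ToLower(e)] = true
	}
	return func(email string) bool {
		if email == "" {
			return false // the rejection behind "403 Invalid Account"
		}
		email = strings.ToLower(email)
		if allowAll || allowed[email] {
			return true
		}
		for _, d := range domains {
			if strings.HasSuffix(email, "@"+strings.ToLower(d)) {
				return true
			}
		}
		return false
	}
}
func main() {
	// Constructed claims for a Keycloak user that has no email attribute.
	u := Claims{"sub": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "preferred_username": "alice"}
	v := NewValidator([]string{"*"}, nil)
	fmt.Println(v(EmailFromClaims(u, "email")), v(EmailFromClaims(u, "sub"))) // false true
}
```

Note the caveat the model makes visible: a `sub` value only passes when the domain allowlist is `*` or the value is listed explicitly, since a UUID never matches an `@domain` suffix.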