-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alternative roles field #30
Comments
Yep this is fine, will add. |
While I have you, is the roles parameter name returned in the discovery endpoint? https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata Cursory review says no 😞 |
No; it can only be done with a custom claim in Auth0 (via an "Action"). There's no way for it to know and advertise it via the discovery endpoint (that I know of). |
Authentikat for example returns "groups" instead of roles. |
It would be awesome if we could specify an alternative roles field. Some oauth2 providers do not allow
roles
to be set, but rather insist on name-spacing the roles field (looking at you Auth0). Perhaps in the UI, within theAdjustments
section, similar to how you have anAlternative id key
field, there could be anAlternative roles key
field? Or even just aRoles namespace
,As a concrete example, the
userinfo
endpoint for our implementation returns a payload that contains the following:The text was updated successfully, but these errors were encountered: