Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Alternative roles field #30

Open
jasonpincin opened this issue Dec 8, 2023 · 4 comments
Open

Alternative roles field #30

jasonpincin opened this issue Dec 8, 2023 · 4 comments

Comments

@jasonpincin
Copy link

It would be awesome if we could specify an alternative roles field. Some oauth2 providers do not allow roles to be set, but rather insist on name-spacing the roles field (looking at you Auth0). Perhaps in the UI, within the Adjustments section, similar to how you have an Alternative id key field, there could be an Alternative roles key field? Or even just a Roles namespace,

As a concrete example, the userinfo endpoint for our implementation returns a payload that contains the following:

{ 
  ...
  email_verified: true,
  'https://ourdomain.gg/roles': [ 'Group1 Member', 'Group2 Member' ]
}
@julianlam
Copy link
Member

Yep this is fine, will add.

@julianlam
Copy link
Member

julianlam commented Dec 8, 2023

While I have you, is the roles parameter name returned in the discovery endpoint?

https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Cursory review says no 😞

@jasonpincin
Copy link
Author

jasonpincin commented Dec 8, 2023

No; it can only be done with a custom claim in Auth0 (via an "Action"). There's no way for it to know and advertise it via the discovery endpoint (that I know of).

@VictorElHajj
Copy link

Authentikat for example returns "groups" instead of roles.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants