Alternative roles field #30

jasonpincin · 2023-12-08T16:27:31Z

It would be awesome if we could specify an alternative roles field. Some oauth2 providers do not allow roles to be set, but rather insist on name-spacing the roles field (looking at you Auth0). Perhaps in the UI, within the Adjustments section, similar to how you have an Alternative id key field, there could be an Alternative roles key field? Or even just a Roles namespace,

As a concrete example, the userinfo endpoint for our implementation returns a payload that contains the following:

{ 
  ...
  email_verified: true,
  'https://ourdomain.gg/roles': [ 'Group1 Member', 'Group2 Member' ]
}

The text was updated successfully, but these errors were encountered:

julianlam · 2023-12-08T16:29:11Z

Yep this is fine, will add.

julianlam · 2023-12-08T16:30:53Z

While I have you, is the roles parameter name returned in the discovery endpoint?

https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Cursory review says no 😞

jasonpincin · 2023-12-08T17:10:06Z

No; it can only be done with a custom claim in Auth0 (via an "Action"). There's no way for it to know and advertise it via the discovery endpoint (that I know of).

VictorElHajj · 2024-04-01T20:30:59Z

Authentikat for example returns "groups" instead of roles.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Alternative roles field #30

Alternative roles field #30

jasonpincin commented Dec 8, 2023

julianlam commented Dec 8, 2023

julianlam commented Dec 8, 2023 •

edited

jasonpincin commented Dec 8, 2023 •

edited

VictorElHajj commented Apr 1, 2024

Alternative roles field #30

Alternative roles field #30

Comments

jasonpincin commented Dec 8, 2023

julianlam commented Dec 8, 2023

julianlam commented Dec 8, 2023 • edited

jasonpincin commented Dec 8, 2023 • edited

VictorElHajj commented Apr 1, 2024

julianlam commented Dec 8, 2023 •

edited

jasonpincin commented Dec 8, 2023 •

edited