Dirk Schiffner

Reputation: 123

OpenID Connect - How to retrieve group membership (e.g. isMemberOf) with the userinfo endpoint?

I have OpenID Connect configured in OpenAM (OpenAM is the provider). Now I'm trying to retrieve the group membership of a user via the userinfo endpoint.

Authentication was successful and I retrieved the access_token, the id_token and the user profile. But I was not able to include the groups. What is missing? Is this even possible? Do I have to write my own ScopeHandler?

Regards

Kirby

Upvotes: 4

Views: 3903

Answers (1)

mirage

Reputation: 631

You will need to add "memberOf" to your scopes configuration in your agent settings on OpenAM. After that, make a request using that scope as well. The values will be comma-separated groups, as in your AD.

Upvotes: 1
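On the relying-party side, a comma-separated list of AD groups needs care, because AD distinguished names contain commas themselves. The sketch below is an added example, not code from the answer or from OpenAM. It assumes the claim is named `memberOf` as in the answer and arrives as a JSON array, as plain names, or as AD-style DNs joined by commas; the function names and sample data are hypothetical.

```python
import re

# Split on commas that are not backslash-escaped (RFC 4514 writes "," as "\,").
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")


def parse_member_of(userinfo):
    """Return the groups carried in a userinfo response's memberOf claim.

    Assumption: the claim is a JSON array, a comma-separated list of plain
    names, or AD-style DNs (each ending in DC= components) joined by commas.
    """
    value = userinfo.get("memberOf")
    if value is None:
        return []
    if isinstance(value, list):
        return [str(v).strip() for v in value if str(v).strip()]
    if "=" not in value:  # plain group names, no DN syntax
        return [g.strip() for g in value.split(",") if g.strip()]
    groups, current, prev_type = [], [], None
    for rdn in _UNESCAPED_COMMA.split(value):
        rdn = rdn.strip()
        if not rdn:
            continue
        rdn_type = rdn.split("=", 1)[0].strip().lower()
        # A non-DC component right after a DC component starts the next DN.
        if prev_type == "dc" and rdn_type != "dc":
            groups.append(",".join(current))
            current = []
        current.append(rdn)
        prev_type = rdn_type
    if current:
        groups.append(",".join(current))
    return groups


def is_member(userinfo, required_dn):
    """Exact, case-insensitive match on the whole DN; never a substring test."""
    wanted = required_dn.strip().lower()
    return any(g.lower() == wanted for g in parse_member_of(userinfo))


# Constructed userinfo response (not captured from a real OpenAM instance).
SAMPLE = {
    "sub": "kirby",
    "memberOf": "CN=App Users,OU=Groups,DC=example,DC=com,"
                "CN=Not-Admins\\, Temp,CN=Users,DC=example,DC=com",
}
```

Comparing whole DNs matters for authorization: a substring check for "Admins" would wrongly accept the second group in the sample.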
