@jmangelo, I don’t know which Graph API Auth0 is calling, but I’ve been able to work around the problem with this rule:
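function (user, context, callback) {
  // Auth0 rule: for Azure AD ('waad') logins, read the user's group
  // memberships from the Azure AD Graph API and store the group display names
  // in user.app_metadata.groups. Logins from any other provider pass through
  // unchanged.
  //
  // Every exit path invokes `callback` exactly once. If the group lookup
  // fails, the rule reports an error instead of continuing, so a login never
  // proceeds with a stale or missing group list that later authorization
  // checks might rely on.
  //
  // NOTE(review): graph.windows.net is the legacy Azure AD Graph endpoint;
  // confirm it is still available for your tenant or plan a move to
  // Microsoft Graph.
  var identity = (user.identities || [])[0];
  if (!identity || identity.provider !== 'waad') {
    return callback(null, user, context);
  }

  var aadAccessToken = identity.access_token;
  if (!aadAccessToken || !user.tenantid || !user.oid) {
    return callback(new Error('Azure AD profile is missing access_token, tenantid or oid; cannot load groups'));
  }

  // Encode the path segments so that profile values can never change which
  // resource the bearer token is sent to.
  var memberOfUrl = 'https://graph.windows.net/' + encodeURIComponent(user.tenantid) +
    '/users/' + encodeURIComponent(user.oid) + '/memberOf?api-version=1.6';

  var options = {
    url: memberOfUrl,
    headers: {
      'Authorization': 'Bearer ' + aadAccessToken
    }
  };

  // The URL is logged, but never the token or the response body.
  console.log('Requesting to ' + options.url);
  request(options, function (err, response, body) {
    if (err) {
      console.log('Error when calling ' + options.url + ': ' + err.message);
      return callback(err);
    }
    if (!response || response.statusCode !== 200) {
      return callback(new Error('Graph API memberOf returned HTTP ' + (response && response.statusCode)));
    }

    var memberOf;
    try {
      memberOf = JSON.parse(body);
    } catch (parseErr) {
      return callback(parseErr);
    }
    if (!memberOf || !Array.isArray(memberOf.value)) {
      return callback(new Error('Graph API memberOf response has no "value" array'));
    }

    // NOTE(review): only the first page of results is read; a user in many
    // groups may have further pages that this rule does not follow. Confirm
    // before using the list for access decisions.
    var groupNames = memberOf.value
      .filter(function (entry) {
        return entry.objectType === 'Group';
      })
      .map(function (group) {
        return group.displayName;
      });
    console.log('Azure AD groups found: ' + groupNames.length);

    user.app_metadata = user.app_metadata || {};
    user.app_metadata.groups = groupNames;

    // Two-argument then(): an exception thrown while continuing the pipeline
    // cannot trigger a second callback invocation from a trailing catch().
    auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
      .then(function () {
        callback(null, user, context);
      }, function (updateErr) {
        callback(updateErr);
      });
  });
}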