I’m trying to get lists of security groups that users belong to in my Azure AD, but they never seem to show up in the claims. If I go look at my user’s raw JSON I see the list there, so I’m doing something right. But I’m not sure how to get those to be included in the token so I can set up authorization on my web API.
I’ve tried setting up the authorization extension as follows:
I’m missing something here.
@matthew.tabor have you tried using a Rule to add the group_ids to the token? An example of adding claims to the token:
function (user, context, callback) {
  const namespace = 'https://myapp.example.com/';
  context.idToken[namespace + 'favorite_color'] = user.favorite_color;
  context.idToken[namespace + 'preferred_contact'] = user.user_metadata.preferred_contact;
  callback(null, user, context);
}
For group_ids I believe it should look something like context.idToken[namespace + "group_ids"] = user.group_ids;
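An added example, not part of the original posts and not Auth0's own code: a Rule that copies group_ids into both the ID token and the access token, plus the matching fail-closed check on the web API side. The function names, the `isInGroup` helper and the sample group ids are assumptions made for illustration.

```javascript
// Added example: names other than user.group_ids, context.idToken and
// context.accessToken are assumptions made for illustration.
const NAMESPACE = 'https://myapp.example.com/'; // namespace from the thread's example
const GROUPS_CLAIM = NAMESPACE + 'group_ids';

// Rule: copy the Azure AD group ids from the user profile into both tokens.
function addGroupClaims(user, context, callback) {
  // group_ids may be absent (other connection types) or not an array.
  const raw = Array.isArray(user.group_ids) ? user.group_ids : [];
  // Keep only non-empty strings and drop duplicates.
  const groups = [...new Set(raw.filter((g) => typeof g === 'string' && g.length > 0))];

  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[GROUPS_CLAIM] = groups;     // read by the client application
  context.accessToken[GROUPS_CLAIM] = groups; // read by the web API
  callback(null, user, context);
}

// API side (hypothetical helper): call only with the payload of a token whose
// signature, issuer, audience and expiry have already been validated.
function isInGroup(payload, requiredGroupId) {
  const groups = payload ? payload[GROUPS_CLAIM] : undefined;
  // Fail closed: a missing or malformed claim never authorizes.
  return Array.isArray(groups) && groups.includes(requiredGroupId);
}

// Runs the rule against a constructed user object and returns the context.
function runSample(user) {
  const context = { idToken: {}, accessToken: {} };
  let result = null;
  addGroupClaims(user, context, (err, u, ctx) => { result = ctx; });
  return result;
}

// Constructed sample input; the group ids are made-up placeholders.
const sample = runSample({ group_ids: ['group-a', 'group-b', 'group-a', ''] });
console.log(sample.accessToken[GROUPS_CLAIM]);
console.log(isInGroup(sample.accessToken, 'group-b'));
console.log(isInGroup(runSample({}).accessToken, 'group-b'));
```
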
Kim, this seems to be the part I was missing. After adding the rule I now am seeing the group ids in the access token as expected and my authorization seems to work now.
That is awesome! Glad to hear it. Let me know if you have any other questions.