I’m trying to get information about group memberships when users log in using a Google G Suite Enterprise connection. I’ve checked “Extended Attributes > Groups” in the connection settings, but I don’t see any group-related claims in the ID token.
I found this thread, where the solution was:
the Google Admin scopes have to be added on the consent screen stage
But it doesn’t say which scopes to add. I have the Google Admin SDK enabled, but when I visit https://console.cloud.google.com/apis/credentials/consent the only scopes listed for that SDK are:
Neither of those seems relevant, or appears to work if I enable them.
There are more relevant-sounding scopes listed at https://developers.google.com/identity/protocols/googlescopes, and I’ve tried a few (e.g. https://www.googleapis.com/auth/admin.directory.group.member.readonly) by pasting them into the Add Scope dialog, but that didn’t seem to work either.
Which scope do I need to add in order to get this to work?