Is there a way to add the Group Id to the access token in a rule/action?
My backend api needs to restrict the data returned based on the user’s group(s).
The default rule for adding groups from the authorization extension only adds the group name rather than the group id.
While helpful, this could lead to problems as the group name could easily change.
I would use organizations and organization id, but this is restricted to the Enterprise plan so that is out.
Are there any other/better options than either:
Make an additional authorization extension api call in the custom rule to retrieve the user’s groups, parse the returned id’s, and add a custom claim
Or:
Have the backend API make calls to the authorization extension ‘api/groups’ endpoint to get a list of all group names/ids and then map the group names received on the access token to the appropriate group id
Thanks for posting a really well-thought-out question. You’ve mentioned the two approaches that I would have suggested.
Unfortunately, there is no silver bullet here, and you will have to implement one of the solutions you described. Let me know if you have any specific questions about it.