In Azure there is an App Registration → Token Configuration that determines what other claims are included in the ID or access token. I have NOT yet added the groups claim to it, but Auth0 seems to be returning all the groups the user belongs to. Is Auth0 doing a separate query and not using the list included in the Azure token? I’m asking because Azure has a flag/feature to return only groups that are assigned to the application, to limit the number of groups returned to those that are members of the application, which I’m planning to use in the future.
Action:
exports.onExecutePostLogin = async (event, api) => {
  // Prefix for the custom claim names added to both tokens
  const namespace = 'azure';
  // Copy the groups Auth0 stored on the user profile into the ID token
  api.idToken.setCustomClaim(`${namespace}_groups`, event.user.groups);
  // ...and into the access token
  api.accessToken.setCustomClaim(`${namespace}_groups`, event.user.groups);
};
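The Action above writes `event.user.groups` straight into both tokens. The following is an added example (not the poster's code and not an Auth0-provided sample) of the same post-login Action split into testable pieces: it normalises whatever arrives in `event.user.groups` (missing, a single string, or an array), drops empty entries and duplicates, and leaves the tokens untouched when Azure supplied no groups at all, which is the situation to expect once the "groups assigned to the application" option is turned on and a user belongs to none of them. The `makeFakeApi` stand-in for the Auth0 `api` object is constructed here purely so the logic can be exercised offline.

```javascript
// Added example, not from the original post. Assumes groups arrive in
// event.user.groups, as in the poster's Action.
const NAMESPACE = 'azure';
const CLAIM_NAME = `${NAMESPACE}_groups`;

// Normalise the raw groups value: undefined/null -> [], a single string -> [s],
// an array -> the array with non-strings, empty strings and duplicates removed.
function normalizeGroups(raw) {
  if (raw == null) return [];
  const list = Array.isArray(raw) ? raw : [raw];
  const clean = list.filter((g) => typeof g === 'string' && g.length > 0);
  return [...new Set(clean)];
}

// Build the claims object to apply; null means "nothing to add", so an empty
// claim never lands in the token. Pure function, easy to unit test.
function buildGroupClaims(event) {
  const groups = normalizeGroups(event && event.user && event.user.groups);
  if (groups.length === 0) return null;
  return { [CLAIM_NAME]: groups };
}

// Apply the claims to both tokens. Returns true if anything was set.
function applyGroupClaims(event, api) {
  const claims = buildGroupClaims(event);
  if (!claims) return false; // no groups from Azure: leave tokens unchanged
  for (const [name, value] of Object.entries(claims)) {
    api.idToken.setCustomClaim(name, value);
    api.accessToken.setCustomClaim(name, value);
  }
  return true;
}

// The Action entry point Auth0 calls, same signature as the original post.
const onExecutePostLogin = async (event, api) => {
  applyGroupClaims(event, api);
};

// Constructed stand-in for the Auth0 api object (hypothetical; records what
// the Action would have written to each token).
function makeFakeApi() {
  const idClaims = {};
  const accessClaims = {};
  return {
    idToken: { setCustomClaim: (k, v) => { idClaims[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { accessClaims[k] = v; } },
    claims: { id: idClaims, access: accessClaims },
  };
}

if (typeof module !== 'undefined' && module.exports) {
  module.exports.onExecutePostLogin = onExecutePostLogin;
}
```

Keeping the claim-building logic pure means the behaviour for the "no groups" case can be checked without deploying the Action, and the same normalisation step is where a cap on claim size would go if the tenant later returns large group lists.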