Is it possible to map users’ roles or groups from Google for use in Auth0?
I need users to assume the role configured on Google when logging in. A second option would be to map the user’s groups from Google as roles in Auth0.
I created an post-login Action to retrieve values from the ‘event.user.identities’ object, but there are no values for roles or groups.
By the way, I’m using Enterprise authentication and I’ve activated the Groups option in Extended Attributes, but I’m getting the error “Unable to get groups: unauthorized”.
I am checking the options here, and for now, I can share the feedback regarding:
Your client application, on the user’s behalf, can only access scopes requested during the authentication.
Can you please check if the /authorize request that your application sends to auth0 contains the scope query parameter with Google’s group scope?
If I’m not mistaken, the scope for Google Groups membership is https://apps-apis.google.com/a/feeds/groups/.
Also, make sure that the application registered on the Google side has appropriate scopes allowed.
We have a Knowledge Solution for analogic use-case, maybe you find it helpful for general steps: Accessing Additional Scopes in Google Social Connection