When using an Azure AD connection, it passes its roles configuration as a "roles" claim at the root level. This claim can also be viewed in the user's raw JSON file.
I wanted to grab this roles claim with a rule and put it in the user's app_metadata property. However, this claim is empty inside of a rule.
    function setRolesToUser(user, context, callback) {
      user.app_metadata = user.app_metadata || {};
      // Get the roles claim from the current user and put it in app_metadata.
      // Azure AD sends roles as an array, so default to an empty array (not an object).
      user.app_metadata.roles = user.roles || [];
      console.log("This user has the following roles: " + JSON.stringify(user.roles));
      // Persist the updated app_metadata, then mirror the roles into a namespaced ID token claim.
      auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
        .then(function () {
          context.idToken['https://mytestapp.com/claims/roles'] = user.app_metadata.roles;
          callback(null, user, context);
        })
        .catch(function (err) {
          callback(err);
        });
    }
Is this by design? Does the roles claim at the root level get removed before it hits the rules? I'm also on the Starter (legacy) subscription; might that be the reason why?
Sadly, there is no way of telling Azure AD to use a different claim to provide the roles information in.
Can someone please help?