Root "roles" claim set by Azure AD enterprise connection is empty in rules

When using an Azure AD connection, it passes its roles configuration as a “roles” claim at the root level. This claim can also be viewed in the user’s raw JSON file.

I wanted to grab this roles claim with a rule and put it in the user’s app_metadata property. However, this claim is empty inside a rule.

function setRolesToUser(user, context, callback) {
  user.app_metadata = user.app_metadata || {};

  // Copy the root-level roles claim from the current user into app_metadata.
  // Azure AD sends roles as an array, so default to an empty array, not an object.
  user.app_metadata.roles = user.roles || [];

  console.log("This user has the following roles: " + JSON.stringify(user.roles));

  // Persist app_metadata, then expose the roles as a namespaced custom claim.
  auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
    .then(function () {
      context.idToken['https://mytestapp.com/claims/roles'] = user.app_metadata.roles;
      callback(null, user, context);
    })
    .catch(function (err) {
      callback(err);
    });
}

Is this by design? Does the root-level roles claim get removed before it hits the rules? I’m also on the starter (legacy) subscription; might that be the reason?
Sadly, there is no way to tell Azure AD to provide the roles information in a different claim.

Can someone please help?
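The rule in the question overwrites app_metadata.roles and emits a roles claim even when the upstream claim never arrived, so an empty claim silently wipes whatever roles were stored before and the token still carries a (meaningless) roles entry. The following is an added example, not code from the original post or from Auth0, showing a defensive version of the same rule: the IdP-supplied value is normalised into a clean array of role strings (undefined, a single string, and an array are all accepted; this shape handling is an assumption about how a JSON claim may arrive), nothing is written or issued when no roles are present, and the decision logic is separated from the Auth0 call so it can be tested outside the rule sandbox. The namespaced claim name is the one from the post; the in-memory `fakeAuth0` client and the sample user are constructed stand-ins for the `auth0` global that the rule runtime provides.

```javascript
// Added example (not the original poster's rule): defensive handling of an
// IdP-supplied "roles" claim before it is copied into app_metadata and a token.

const ROLES_CLAIM = 'https://mytestapp.com/claims/roles'; // namespace from the post

// Normalise whatever the connection put in user.roles into an array of unique,
// non-empty, trimmed strings. undefined, a single string and an array are
// accepted (assumed possible claim shapes); anything else counts as "no roles".
function normalizeRoles(raw) {
  let list;
  if (Array.isArray(raw)) list = raw;
  else if (typeof raw === 'string') list = [raw];
  else list = [];
  const seen = new Set();
  for (const r of list) {
    if (typeof r === 'string' && r.trim() !== '') seen.add(r.trim());
  }
  return Array.from(seen);
}

// Pure decision step: returns null when there is nothing trustworthy to store,
// otherwise the roles to issue and the new app_metadata to persist. Existing
// app_metadata keys are preserved; only "roles" is replaced.
function planRoles(user) {
  const roles = normalizeRoles(user.roles);
  if (roles.length === 0) return null;
  const appMetadata = Object.assign({}, user.app_metadata || {}, { roles: roles });
  return { roles: roles, appMetadata: appMetadata };
}

// Build the rule with the management helper injected. In a real rule the
// `auth0` global is passed here; the rule signature itself is unchanged.
function makeSetRolesRule(auth0Client) {
  return function setRolesToUser(user, context, callback) {
    const plan = planRoles(user);
    if (!plan) {
      // The claim did not reach the rule: do not overwrite stored roles with an
      // empty value and do not issue a roles claim at all. (If the IdP is the
      // only authority for roles, clearing app_metadata.roles here is the
      // stricter alternative; that is a policy choice for the deployment.)
      console.log('No roles claim present for user ' + user.user_id);
      return callback(null, user, context);
    }
    user.app_metadata = plan.appMetadata;
    auth0Client.users.updateAppMetadata(user.user_id, plan.appMetadata)
      .then(function () {
        // Only expose roles in the token once they were persisted successfully.
        context.idToken[ROLES_CLAIM] = plan.roles;
        callback(null, user, context);
      })
      .catch(function (err) {
        callback(err);
      });
  };
}

// Constructed stand-in for the Auth0 `auth0.users` helper (records writes).
const fakeAuth0 = {
  written: [],
  users: {
    updateAppMetadata: function (userId, appMetadata) {
      fakeAuth0.written.push({ userId: userId, appMetadata: appMetadata });
      return Promise.resolve();
    }
  }
};

// Demo run with a constructed user whose roles claim did arrive.
const demoUser = {
  user_id: 'auth0|constructed-example',
  roles: ['Admin', ' Reader ', 'Admin'],
  app_metadata: { tier: 'gold' }
};
const demoContext = { idToken: {} };
makeSetRolesRule(fakeAuth0)(demoUser, demoContext, function (err, u, c) {
  if (err) throw err;
  console.log('stored:', JSON.stringify(u.app_metadata),
              'token claim:', JSON.stringify(c.idToken[ROLES_CLAIM]));
});
```

Run with `node` and the callback prints `stored: {"tier":"gold","roles":["Admin","Reader"]} token claim: ["Admin","Reader"]`. With `roles` absent, as in the question, `planRoles` returns null, no management call is made, and the ID token carries no roles claim, which makes the "claim never reached the rule" case visible in logs instead of being masked by an empty write.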

Hey there!

As this topic is related to Rules, Hooks and Actions, and Rules & Hooks are being deprecated soon, I’m excited to let you know about our next Ask Me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!
