I am attempting to configure OAuth claims to match groups in Azure AD configuration. I’m using the socialiteproviders/microsoft provider.
We can log in successfully using OAuth, with the default_role global-read.
Next, we should match claims to scopes in order to allow some users belonging to a specific group to be administrators.
I’m having a hard time understanding the limited documentation for this.
If anyone has a useful example to share with me, it would be greatly appreciated.
This is my current socialite configuration:
```json
{
  "redirect": false,
  "register": true,
  "default_role": "global-read",
  "claims": {
    "9b7d0624-xxxx-xxxx-xxxx-63f9d3260xxx": {
      "roles": [
        "admin"
      ]
    }
  },
  "configs": {
    "microsoft": {
      "client_id": "redacted",
      "client_secret": "redacted",
      "tenant": "redacted",
      "listener": "\\SocialiteProviders\\Microsoft\\MicrosoftExtendSocialite",
      "redirect": "https://librenms.redacted.com/auth/microsoft/callback"
    }
  },
  "scopes": [
    "groups"
  ]
}
```
Under claims I’ve set the ID of the group in Azure AD that should get the admin role.
Under scopes I’ve set groups, as in the documentation example. However, I’m not sure what I should put here.
Thanks.
Regards.
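The following is an added illustration, not LibreNMS or Socialite code, of how a claims-to-roles map shaped like the one in the post can be evaluated against the claims an identity provider returns. It assumes that the `groups` claim is a list of Azure AD group object IDs, that the default role is only applied when no configured claim matches, and it treats the Azure AD groups-overage indicator (`_claim_names` referencing `groups`) as "groups unknown" so that an incomplete claim never silently grants the default role without being flagged.

```python
import json

# Constructed config mirroring the shape of the post's socialite settings.
SOCIALITE_CONFIG = json.loads("""
{
  "default_role": "global-read",
  "claims": {
    "9b7d0624-xxxx-xxxx-xxxx-63f9d3260xxx": {"roles": ["admin"]}
  },
  "scopes": ["groups"]
}
""")


def groups_claim_overflowed(user_claims):
    """True when Azure AD omitted 'groups' because the user is in too many
    groups and instead emitted a _claim_names/_claim_sources overage hint."""
    claim_names = user_claims.get("_claim_names") or {}
    return "groups" not in user_claims and "groups" in claim_names


def roles_from_claims(config, user_claims):
    """Map the provider's group IDs to roles using config["claims"].

    Returns (roles, matched) where matched is False when the default role
    was used because no configured group ID appeared in the token.
    Assumption (not confirmed by the post): default_role applies only
    when nothing in the claims map matched.
    """
    claim_map = config.get("claims") or {}
    groups = user_claims.get("groups", [])
    if not isinstance(groups, list):
        groups = [groups]  # a single-valued claim may arrive as a string
    roles = []
    for group_id in groups:
        for role in (claim_map.get(group_id) or {}).get("roles", []):
            if role not in roles:
                roles.append(role)
    if roles:
        return roles, True
    default = config.get("default_role")
    return ([default] if default else []), False


if __name__ == "__main__":
    # Constructed token claims: user is a member of the configured group.
    token = {"groups": ["9b7d0624-xxxx-xxxx-xxxx-63f9d3260xxx", "other-group"]}
    print(roles_from_claims(SOCIALITE_CONFIG, token))
```

A login whose `groups_claim_overflowed` check is true should be logged and treated as an unresolved group membership rather than assumed to have none.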