access groups with nested OIDC claims

Hi, I would like to create an access group in Cloudflare Access based on an OIDC claim that is stored within an object inside an array. For example:
{
  "email": "[email protected]",
  "oidc_fields": {
    "sub": "user-unique-id",
    "role": [
      {
        "description": "role description goes here",
        "teamId": "abcd/3412"
      }
    ]
  }
}
I would like to create a rule so that only users who have a specific role description and belong to a specific team will be part of the access group. Users can have multiple roles in various teams, which is why it's an array. I don’t have control over the service providing these values, so I can't change the user identity structure even if I wanted to. Is it possible to access the claim in the "Claim name" section in this case? Thanks in advance for any help!
2 Replies
Erisa 2mo ago
Sadly the documentation for custom OIDC providers is pretty barebones and doesn't cover this. I had the same question when I was building out a custom provider and ended up doing what you can't (changing the claim structure). If this is possible then it's not documented, so I wouldn't know how to do it.
affinetform3d 2mo ago
Thanks for the quick reply. I was looking for an answer earlier today in the documentation but I could not find anything. Maybe I will have to come up with a different solution 😞
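Changing the claim structure, the route mentioned in the first reply, means collapsing each role object into one flat value at a point where the claims can be rewritten. The following is an added example, not part of the thread and not Cloudflare Access code: the function names and the `teamId:description` encoding are assumptions, and the sample identity is constructed. It also shows why the two fields must be matched on the same array element.

```javascript
// Added example: hypothetical helpers, not Cloudflare Access code.
// Constructed identity, following the structure shown in the question.
const sampleIdentity = {
  email: "user@example.com",
  oidc_fields: {
    sub: "user-unique-id",
    role: [
      { description: "admin", teamId: "abcd/3412" },
      { description: "viewer", teamId: "wxyz/9999" },
    ],
  },
};

// Return the well-formed role entries; anything malformed is dropped (fail closed).
function roleEntries(identity) {
  const roles = identity && identity.oidc_fields && identity.oidc_fields.role;
  if (!Array.isArray(roles)) return [];
  return roles.filter(
    (r) => r !== null && typeof r === "object" &&
      typeof r.teamId === "string" && typeof r.description === "string"
  );
}

// Flatten each entry into one string so a flat claim value can carry the pair.
// Percent-encoding both parts keeps ":" unambiguous as the separator.
function flattenRoleClaims(identity) {
  return roleEntries(identity).map(
    (r) => `${encodeURIComponent(r.teamId)}:${encodeURIComponent(r.description)}`
  );
}

// Correct check: description and teamId must match on the same array element.
function hasTeamRole(identity, teamId, description) {
  return roleEntries(identity).some(
    (r) => r.teamId === teamId && r.description === description
  );
}

// Flawed check, shown for contrast: it tests the two fields independently, so it
// accepts a description held in one team combined with the teamId of another.
function hasTeamRoleLoose(identity, teamId, description) {
  const roles = roleEntries(identity);
  return roles.some((r) => r.teamId === teamId) &&
    roles.some((r) => r.description === description);
}
```

Splitting the array into separate description and team lists reproduces the loose check, which is why the pair is kept in a single value.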