External IDP - getting stuff out of the idToken
Hi,
Is there any way to get at the contents of the idToken in the actions?
Azure AD does not send the App Roles in the providerInfo, but rather inside the idToken and I would like to get at it to set application grants dynamically.
Is there a nice way to do this?
Thanks!
3 Replies
As far as I remember, the ctx.idtoken holds that info
Yes, I was able to get it with getClaims as specified here: https://zitadel.com/docs/apis/actions/external-authentication
One challenge is that one cannot change the grants from inside a Post Auth flow, so I was wondering how to get role updates for the user coming in from an external system. Any tips?