no groups claim in OIDC response - ZITADEL

FFO

F

FFO•9/9/24, 11:56 AM

Hm the action should do the trick.

Can you check that the action name is addClaim?

FFO

F

FFO•9/10/24, 12:57 PM

Hm can you check what happens with something like

function addClaim(ctx, api) {
  api.v1.claims.setClaim('group', 'admin'); 
}

function addClaim(ctx, api) {
  api.v1.claims.setClaim('group', 'admin'); 
}

FFO

F

FFO•9/10/24, 12:58 PM

can you also check if jira has a debug log to check the token?

FFO

F

FFO•9/10/24, 12:59 PM

hm that is weird

FFO

F

FFO•9/10/24, 1:00 PM

can you share how the action is configured?

FFO

F

FFO•9/10/24, 1:03 PM

Hm I think you need to change to "Flow: Complement token, Triggers: Pre Userinfo creation, Pre access token creation"

FFO

F

FFO•9/10/24, 1:04 PM

Not sure where jira reads the data from, but I would start with pre-userinfo

FFO

F

FFO•9/10/24, 1:04 PM

https://zitadel.com/docs/apis/actions/complement-token

This flow is executed during the creation of tokens and token introspection.

FFO

F

FFO•9/10/24, 1:05 PM

yeah, lets start with pre userinfo

FFO

F

FFO•9/10/24, 1:07 PM

still the same error?

FFO

F

FFO•9/10/24, 1:07 PM

does it work if you do net check the group claim?

FFO

F

FFO•9/10/24, 1:07 PM

ah that is a required field

FFO

F

FFO•9/10/24, 1:10 PM

hm sad, can you try my action above?

FFO

F

FFO•9/10/24, 1:17 PM

function addClaim(ctx, api) {
  api.v1.claims.setClaim('group', 'admin'); 
}

function addClaim(ctx, api) {
  api.v1.claims.setClaim('group', 'admin'); 
}

FFO

F

FFO•9/10/24, 1:23 PM

yeah, i wanted to try if that is not corretly documented

FFO

F

FFO•9/10/24, 1:24 PM

What would help to know is "where" jira reads the claim from... id_token, userinfo endpoint, access_token...

FFO

F

FFO•9/10/24, 1:29 PM

lets try this

Screenshot_2024-09-10_at_15.28.31.png

FFO

F

FFO•9/10/24, 1:36 PM

ok, lets see what comes around there

FFO

F

FFO•9/10/24, 1:38 PM

happy to help