Community
Select to view content in your preferred language

OpenID Connect Cognito group scope configuration (OIDC)

89
0
2 weeks ago
Labels (1)
Labels
LeonBowers2
by
Occasional Contributor
2 weeks ago

Hi,

We’ve enabled OpenID Connect (OIDC) logins in AGOL and can successfully authenticate users and create accounts with the scopes below:

LeonBowers2_0-1750057748571.png

We want to enable AGOL group membership based upon OIDC groups but can’t get the scopes correct. This is what is being returned from Cognito for a test user:

       "groups": [
           "corporate_user",
           "projects_user-aswa"
       ],

When updating the provider scopes to include groups, our login using OIDC breaks.

LeonBowers2_1-1750057748572.png

Results in:

LeonBowers2_2-1750057748573.png

I’ve tried many different values for the scope including groups[] and variations of it, but can’t get it correct.

Any idea what the scope syntax in AGOL should be or should we change the groups JSON format in Cognito to something different?

Thanks,

Leon.

0 Kudos
0 Replies