This change makes it so that the group membership check is skipped if group_id is empty.
The reasoning is that if our Azure app is not authorised to read group membership with /checkMemberGroups, then this is a way to make pam_aad not worry about it, rather than error. (And group-based access can be enforced with other PAM modules, if required.)