I've been using the package and had some troubles with the groups management section.
I think for it to properly work, one has to make sure during the group claim configuration that the user's groups are emitted as roles claims. Seems to me Azure emit this information under a groups key by default, however the AuthHandler's authenticate method expects a roles key in the id_token_claims for handling permissions (i.e. adding user to the mapped Django group based on group membership).
I've prepared a commit for this clarification and opened a PR, hope you don't mind! Please let me know what do you think :)
I've been using the package and had some troubles with the groups management section.
I think for it to properly work, one has to make sure during the group claim configuration that the user's groups are emitted as
roles
claims. Seems to me Azure emit this information under agroups
key by default, however theAuthHandler
'sauthenticate
method expects aroles
key in theid_token_claims
for handling permissions (i.e. adding user to the mapped Django group based on group membership).I've prepared a commit for this clarification and opened a PR, hope you don't mind! Please let me know what do you think :)