alerta / alerta-webui

Alerta Web UI 7.0
https://try.alerta.io
Apache License 2.0

Jwt token has empty claim "groups" list when using DEX as OpenID provider. #545

Open blutz1982 opened 1 year ago

blutz1982 commented 1 year ago

Issue Summary

When requesting, scope "groups" is not passed to OIDC_AUTH_URL. As a result, there is no information about groups in the jwt token. Judging by the source code, the list of scopes is hardcoded in src/services/auth.ts:

openid: {
    ...
    scope: 'openid+profile+email',
    ...
    }

Request URL looks like:

http://some-domain.local/dex/auth?response_type=code&client_id=alerta-client-id&redirect_uri=http://localhost:8080/&scope=openid+profile+email&display=popup&state=48kamg89ydd

For this reason, after authentication, there is no role mapping. It would be nice to be able to parameterize this value via configuration, as is done, for example, for OIDC_AUTH_URL:

openid: {
    ...
    authorizationEndpoint: config.oidc_auth_url,
    scope: config.oidc_scopes,
    ...
    }

Definitely, an implementation of this on the API side will also be required.

alertad.conf

...
OIDC_SCOPES = 'openid+profile+email+groups'
...

Environment