Closed DanielHoffmann closed 7 months ago
Turns out the problem was that the user I was testing with had only one AD Groups when I first logged in, then added more groups after the login.
So if the user has only one value the data gets serialized as this:
"custom:whatever": "value"
if the user has multiple values the data gets serialised as this:
"custom:whatever": "[value1, value2]"
note no quotes around the values inside the array which is a bit weird I suppose
Is your feature request related to a problem? Please describe.
It seems that the Cognito Events can not properly handle UserAttributes values that are arrays, the serialisation doesn't seem to be working correctly and I only get the first value from the list as a plain string.
According to Microsoft Azure AD documentation:
https://theitbros.com/create-custom-user-attribute-in-azure-ad/
Custom UserAttributes can be a list of strings
For example, in my Identity provider I have a mapping of "custom:ad-groups" (which is a list of strings) to get groups from Azure AD
however the UserAttributes["custom:ad-groups"] field only ever has a single value, no matter how many different values I assign in Azure AD for a user. For example this is the event I am getting for my user (sensitive values replaced with "a"s):
as you can see
event.Request.UserAttributes["custom:ad-groups"]
is a single value instead of a list of valuesDescribe the solution you'd like
It seems there is no standard way of encoding arrays for custom UserAttributes, so if the value is not a plain string it seems the serialisation should be handled like
UserAttributes["identities"]
(a string with JSON inside), so like this:Additional context
I replaced my golang lambda with a javascript lambda and in Javascript I get a proper array inside
userAttributes["custom:ad-groups"]
:so it seems there is nothing wrong in the Azure AD side, only on the golang deserialisation of the values.