Auth with Azure AD use id_token
Hi :) Statistics Canada has been evaluating the .StatSuite. We have set up the .StatCore and are actively looking into using the DLM and DE.
Please see dotstatsuite-core-auth-management#33 (closed) for background info on using Azure AD.
We are using Azure AD for authentication. The current response when logging in a user returns the roles claim (used for AuthRules) in the id_token.
The DLM is also successfully returning the profile to display the user name and email.
I am requesting that https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-data-lifecycle-manager/-/blob/develop/src/web/apiManager.js line 30 use id_token when Azure AD is the identity provider, or something equivalent.
I've tested locally by adding "provider" to the config/tenants.json and updating the apiManager.js.
Note that the DLM does work if we change the scope in the config/tenants.json to authorize with our App Registration API in AAD. However, overriding the scope with an App/scope will only return the access_token but no id_token or profile to display the user Name/Email. So the DLM shows a "No user", which isn't great for our use.
Thanks