OAuth claim that returns multiple Active Directory groups

I need a solid way to create an OAuth claim that returns several AD groups. I can get it to work for two filters, but anything over that fails.

This will work for 2 groups:
Arrays.flatten(Groups.startsWith("active_directory","app_group"),Groups.startsWith("active_directory","app_Group2",100))
Anything more than 2 and the claim does not show up in the token, so this:
Arrays.flatten(Groups.startsWith("active_directory","app_group",100),Groups.startsWith("active_directory","app_group2",100),Groups.startsWith("active_directory","app_group3,100))
does not work.

Also, trying it with “or” does not work:
Arrays.flatten(Groups.startsWith("0xxxxxxxxxxxxd7","group1",50)) : Arrays.flatten(Groups.startsWith("0xxxxxxxxxxxxd7","group2",50))

Hi @ntalbot77, please try the following:

Arrays.flatten(Arrays.isEmpty(Groups.startsWith("active_directory","app_group1",50)) ? {} : Groups.startsWith("active_directory","app_group1",50), Arrays.isEmpty(Groups.startsWith("active_directory","app_group2",50)) ? {} : Groups.startsWith("active_directory","app_group2",50), Arrays.isEmpty(Groups.startsWith("active_directory","app_group3",50)) ? {} : Groups.startsWith("active_directory","app_group3",50))

(Please note that this will scroll over to the right quite a bit; it’s a rather long expression.)

This will check each individual group filter criteria for the user, and return the groups that match each individual filter into a single array. Please let me know if this helps.

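The guarded expression from the answer above gets long and easy to mistype once there are three or more filters, so here is a small generator for it. This is an added example, not code from either poster or from Okta. The function names, the character allow-list and the overlap check are assumptions of this example, and the overlap check compares prefixes case-sensitively.

```python
import re

# Allow-list for text placed inside the expression's string literals
# (an assumption of this example; widen it if your group names need more).
_SAFE = re.compile(r"[A-Za-z0-9_ .-]+")


def overlapping_prefixes(prefixes):
    """Return (broad, narrow) pairs where the broad prefix already matches
    every group the narrow one would, e.g. app_group vs app_group2."""
    uniq = list(dict.fromkeys(prefixes))
    return [(a, b) for a in uniq for b in uniq if a != b and b.startswith(a)]


def build_groups_claim(app, prefixes, limit=50):
    """Build Arrays.flatten(...) with one isEmpty guard per prefix filter."""
    if isinstance(limit, bool) or not isinstance(limit, int) or limit < 1:
        raise ValueError("limit must be a positive integer")
    uniq = list(dict.fromkeys(prefixes))  # drop exact duplicates, keep order
    if not uniq:
        raise ValueError("at least one prefix is required")
    for value in [app, *uniq]:
        # Reject quotes, commas, parentheses: they would change the expression.
        if not _SAFE.fullmatch(value):
            raise ValueError(f"unsafe value for a string literal: {value!r}")
    terms = []
    for prefix in uniq:
        call = f'Groups.startsWith("{app}","{prefix}",{limit})'
        # Same guard as the answer: an empty result becomes {} before flattening.
        terms.append(f"Arrays.isEmpty({call}) ? {{}} : {call}")
    return "Arrays.flatten(" + ", ".join(terms) + ")"


if __name__ == "__main__":
    wanted = ["app_group1", "app_group2", "app_group3"]
    for broad, narrow in overlapping_prefixes(wanted):
        print(f"note: {broad!r} already matches everything {narrow!r} does")
    print(build_groups_claim("active_directory", wanted))
```

A non-empty result from `overlapping_prefixes` means a broad prefix will put every group matching the narrower ones into the token as well, which is worth reviewing before the claim is published to clients.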