OIDC Azure not reading group claims #5038

Closed
opened 2026-02-05 09:35:50 +03:00 by OVERLORD · 2 comments

Originally created by @jnantg on GitHub (Nov 4, 2024).

Describe the Bug

User not being assigned to group when logging in with OIDC

Steps to Reproduce

Configure OIDC and set the variables:

OIDC_GROUPS_CLAIM=groups
OIDC_USER_TO_GROUP=true

Verify the group claim is showing when

OIDC_DUMP_USER_DETAILS=true

Add the group ID to a role

Log in as the user

Expected Behaviour

The user should be assigned the group. For example "Editor" when the object ID of the group has been added to external authentication ID. However, this is not the case. The user logs in, but is not granted the role specified. Even though the claim is configured and shows when user detail dump is enabled.

Screenshots or Additional Context

No response

Browser Details

Microsoft Edge

Exact BookStack Version

24.10

OVERLORD added the 🐛 Bug label 2026-02-05 09:35:50 +03:00

@ssddanbrown commented on GitHub (Nov 4, 2024):

Hi @jnantg,

> when the object ID of the group has been added to external authentication ID.

  • Does the ID added exactly match a value you see when you have OIDC_DUMP_USER_DETAILS enabled?
  • Can you share (where possible) the output of having OIDC_DUMP_USER_DETAILS enabled?

@ssddanbrown commented on GitHub (Nov 28, 2024):

Since there's been no further follow-up I'll go ahead and close this off.

Reference: starred/BookStack#5038