aad-for-linux/pam_aad

Allow access if group_id is an empty string

This change makes it so that the group membership check is skipped if group_id is empty.

The reasoning is that if our Azure app is not authorised to read group membership with /checkMemberGroups, then this is a way to make pam_aad not worry about it, rather than error. (And group-based access can be enforced with other PAM modules, if required.)

Source: CyberNinjas/pam_aad#61