Retrieve roles and scopes

Retrieve the OpenID Connect/OAuth2 Single sign-on roles and scopes in your Genero application.

After successful authentication, the Genero OpenIDConnect service sets two environment variables:

  • OIDC_SCOPES – List of scopes provided by the identity provider.
  • OIDC_ROLES – List of roles provided by the identity provider.

Scopes define what the application can do on behalf of the user (for example, read but not write data). Roles determine who can access the application.

You can retrieve these values in your application after authentication. The identity provider may provide roles and scopes in the ID token, the access token, or both. By default, only the ID token is decoded. If you need to decode the access token first, see Enable access token decoding.

  1. To retrieve the list of scopes, add this code to your Genero application: 
    LET scopes = fgl_getenv("OIDC_SCOPES")
  2. To retrieve the list of roles, add this code to your Genero application: 
    LET roles = fgl_getenv("OIDC_ROLES")