OIDC Login Works but Users Get No Roles and Become Anonymous

0
Hi everyone,

I’m running into an issue with OIDC login in my Mendix app and could really use some help.

Login itself is working fine — users are able to authenticate using OIDC (I’ve tried both Google and our company login). But after login, the behavior is inconsistent:

- My personal account works fine
- Even a brand new Gmail account works
- But some other users (especially from the company login) get logged in and then end up as anonymous users or don’t get access at all

In the logs, I’m seeing this:

“no-roles handled ..simple plain login”

So it looks like users are getting authenticated, but no roles are being assigned to them.

My current setup:

- Scopes: openid, profile, email
- Claims: sub, email, name, etc.
- No role mapping configured
- No default user role set

Any idea why Gmail logins work but company users don’t?

Thanks!
asked
1 answers
2

Hi Reemali Patil


From your logs I understood that authentication via OIDC is successful but authorization (user role assignment) is failing. This could be simple: in Mendix a user should have a role, so with the org accounts the authorization layer at the application level has failed. Just set up logic to map the user to a role based on the scope or claims to address this quickly.


The reason Gmail works is:


  1. Maybe those email IDs are already associated with an account in the application (kindly cross-check it).
  2. The Gmail claim matches some default mapping internally; this is very rare.


I hope this helps

answered
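
The claim-to-role mapping suggested in the answer, written out as an added Python sketch; it is not Mendix or OIDC SSO module code and does not come from either poster. The `groups` claim, the role names, the `example-corp.test` domain and the `assign_roles` helper are assumptions, and the claims are taken as already validated by the OIDC client.

```python
# Added illustration only. Claim "groups", the role names and the domain are
# assumptions for this sketch; "email" and "email_verified" are standard OIDC claims.
from typing import List, Optional, Tuple

# Hypothetical mapping from IdP group values to application user roles.
GROUP_TO_ROLE = {"app-admins": "Administrator", "app-users": "User"}
# Hypothetical least-privileged fallback role per verified e-mail domain.
DOMAIN_DEFAULT_ROLE = {"example-corp.test": "User"}


def assign_roles(claims: dict, default_role: Optional[str] = None) -> Tuple[List[str], str]:
    """Return (roles, reason). An empty role list is always reported with a reason,
    so an authenticated user never falls through to "no roles" silently."""
    groups = claims.get("groups") or []
    if isinstance(groups, str):  # some IdPs send one string instead of a list
        groups = [groups]
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    if roles:
        return roles, "mapped from groups claim"

    # No usable group claim: fall back on the verified e-mail domain.
    domain = str(claims.get("email", "")).lower().rpartition("@")[2]
    if claims.get("email_verified") is True and domain in DOMAIN_DEFAULT_ROLE:
        return [DOMAIN_DEFAULT_ROLE[domain]], "domain default role"

    if default_role:
        return [default_role], "global default role"

    # Authenticated, but nothing grants a role: list the claims that did arrive
    # so the missing scope or mapping can be found from the log.
    return [], "no role assigned; claims received: " + ", ".join(sorted(claims))


# Constructed sample claims (not real tokens).
COMPANY_USER = {"sub": "c-1", "email": "ana@example-corp.test", "email_verified": True}
COMPANY_ADMIN = {**COMPANY_USER, "sub": "c-2", "groups": ["app-admins", "other"]}
GMAIL_USER = {"sub": "g-1", "email": "new.user@gmail.com", "email_verified": True}

if __name__ == "__main__":
    for user in (COMPANY_ADMIN, COMPANY_USER, GMAIL_USER):
        print(user["sub"], assign_roles(user))
```

With only the `openid`, `profile` and `email` scopes requested, a `groups` claim is usually absent, so in this sketch the domain or default-role branch is what decides whether a user ends up with any role.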