Restrict access to subpages with Azure AD group objectId with "allowed-group" and Nginx #2249

Closed as not planned
@cnhsn

Description

I am using Azure AD as provider. When I first log in to my website, after successfully logging in to Azure AD, when I check the "/oauth2/userinfo" link, I can see the group objectIds I am a member of in Azure AD. So the system fetches user information without any problem. What I want to do here is, I don't want there to be any restrictions when you go to "https://cnhsn.test/". All AAD users should have access to this page. But when a user visits the link "https://cnhsn.test/paris" they should not be able to see this page unless they belong to the group with object ID "aaaaaaa-bbbb-cccc-dddd-eeeee". If they are a member of that group, they should be able to log in directly without any warning or notification. I would like to do the same for the other subpages. How can I do that? I am using NGINX as proxy server.

Expected Behavior

Make pages on the website according to Azure AD groups accessible only to group members.

Current Behavior

Oauth2-proxy is working very well and there is no problem with user control. But right now all Azure AD users can access every page of the website.

Possible Solution

Maybe I can do something about it using the "allowed-group" variable. I tried to add "allowed_groups" variable at the end of "oauth2/auth" connection but I got 500 internal server error. I have already used the "allowed-group" variable as "allowed_groups" in my "oauth2-config.cfg" file. I think I may have made a mistake here too.

Context

I can't control the access of website users and this way I will be able to. Only users authorized by me will be able to access pages that contain important data.

Your Environment

RHEL7.9
Nginx 1.20.1

  • Version used: 7.4
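
One way to express the per-path group check described in this issue, as an added example that is not part of the original post or the project's own configuration: a dedicated internal auth location passes the `allowed_groups` query parameter to oauth2-proxy's `/oauth2/auth` endpoint. The upstream addresses and the `/_auth_paris` location name are assumptions; the group ID is the placeholder from the issue.

```nginx
# Added example, not from the issue. Assumed: oauth2-proxy on 127.0.0.1:4180,
# site backend on 127.0.0.1:8080; ssl_certificate directives omitted.
server {
    listen 443 ssl;
    server_name cnhsn.test;

    # oauth2-proxy endpoints (sign_in, callback, userinfo, ...)
    location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # Session check only: any signed-in Azure AD user passes.
    location = /oauth2/auth {
        proxy_pass              http://127.0.0.1:4180;
        proxy_set_header        Host           $host;
        proxy_set_header        X-Real-IP      $remote_addr;
        proxy_set_header        Content-Length "";
        proxy_pass_request_body off;
    }

    # Session check plus group check. The allowed_groups query parameter is
    # fixed on proxy_pass. The location name is hypothetical.
    location = /_auth_paris {
        internal;
        proxy_pass              http://127.0.0.1:4180/oauth2/auth?allowed_groups=aaaaaaa-bbbb-cccc-dddd-eeeee;
        proxy_set_header        Host           $host;
        proxy_set_header        X-Real-IP      $remote_addr;
        proxy_set_header        Content-Length "";
        proxy_pass_request_body off;
    }

    # Open to every authenticated user.
    location / {
        auth_request /oauth2/auth;
        error_page 401 = /oauth2/sign_in;   # not signed in: go to login
        proxy_pass http://127.0.0.1:8080;
    }

    # Restricted to members of the group. auth_request denies the request
    # when the subrequest answers 401 or 403.
    location /paris {
        auth_request /_auth_paris;
        error_page 401 = /oauth2/sign_in;
        proxy_pass http://127.0.0.1:8080;
    }
}
```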
