feat: reduce user id token scope for entra SSO

malhussan · malhussan · commit 7211be49d6cd · 2025-09-25T16:57:11.000+02:00
diff --git a/modules/meshcloud-sso/module.tf b/modules/meshcloud-sso/module.tf
@@ -65,5 +65,5 @@ resource "azuread_application_password" "meshcloud_sso" {
 resource "azuread_service_principal_delegated_permission_grant" "meshcloud_sso" {
   service_principal_object_id          = azuread_service_principal.meshcloud_sso.object_id
   resource_service_principal_object_id = data.azuread_service_principal.msgraph.object_id
-  claim_values                         = ["User.Read"]
+  claim_values                         = ["openid", "email", "profile"]
 }

Original file line number	Diff line number	Diff line change
`@@ -65,5 +65,5 @@ resource "azuread_application_password" "meshcloud_sso" {`
`65`	`65`	`resource "azuread_service_principal_delegated_permission_grant" "meshcloud_sso" {`
`66`	`66`	`service_principal_object_id = azuread_service_principal.meshcloud_sso.object_id`
`67`	`67`	`resource_service_principal_object_id = data.azuread_service_principal.msgraph.object_id`
`68`		`- claim_values = ["User.Read"]`
	`68`	`+ claim_values = ["openid", "email", "profile"]`
`69`	`69`	`}`