I need help with integrating Azure AD-based authorization with Redis, specifically by using OAuth and leveraging Azure AD groupmembership. Currently, Redis handles authorization through users.acl, and I want to know if it's possible to authorize users based on Azure AD groups through OAuth. Additionally, what are some common integration patterns for this setup? How can I map or sync Azure AD group information (claims) with Redis users.acl? Are there any limitations or trade-offs when using Redis ACLs with external identity providers? If anyone has experience in implementing a similar approach or can share best practices and potential pitfalls, I would greatly appreciate any insights. Thanks a lot!
3 Answers
Yes, it is possible to authorize Redis users using Azure AD groups with OAuth. You can check out the documentation for more information on how to set this up. If you pass the auth token as the Redis auth password, the authentication works. To get the claims, using a security group might be a good approach.
Have you tried reading the manual? It could have the answers you're looking for!
I’m unsure how we can dynamically update users.acl based on OAuth authorization since the ACL list determines the permissions for each user. The entries in the ACL are pretty static, so you may need to manage this carefully with groups instead.
Exactly, you usually keep the ACL file static unless you're managing permissions through groups.
Just a heads up, though—according to the documentation, Microsoft Entra groups aren't supported for this. We're actually building our own caching service instead of using Azure Redis.