fix: don't throw error if group claim is missing

backend/src/oauth/provider/genericOidc.provider.ts

@@ -147,14 +147,19 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
 
     if (roleConfig?.path) {
       // A path to read roles from the token is configured
-      let roles: string[] | null;
+      let roles: string[] = [];
       try {
         roles = jmespath.search(idTokenData, roleConfig.path);
       } catch (e) {
-        roles = null;
+        this.logger.warn(
+          `Roles not found at path ${roleConfig.path} in ID Token ${JSON.stringify(
+            idTokenData,
+            undefined,
+            2,
+          )}`,
+        );
       }
-      if (Array.isArray(roles)) {
+
-        // Roles are found in the token
       if (
         roleConfig.generalAccess &&
         !roles.includes(roleConfig.generalAccess)
@@ -169,16 +174,6 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
         // Role for admin access is configured
         isAdmin = roles.includes(roleConfig.adminAccess);
       }
-      } else {
-        this.logger.error(
-          `Roles not found at path ${roleConfig.path} in ID Token ${JSON.stringify(
-            idTokenData,
-            undefined,
-            2,
-          )}`,
-        );
-        throw new ErrorPageException("user_not_allowed");
-      }
     }
 
     if (!username) {