I am using Jenkins Login with Openid Connect (Amazon Cognito). I am able to use group-based authorization. I can see my groups in Granted Authorities: authenticated,<cognito group>
But when I try making API call, it gives me a "403" error saying "Missing overall read permissions".
I am using API token created using <Jenkins url>/configure/me
It is only allowing in case I give "Read" access to the anonymous group in Jenkins, which I couldn't give in my production environment.
Jenkins is not able to read neither SSO users authorized in groups nor in the authenticated group.