Unable to setup Authorization to Temporal UI

[deepuec]

Describe the bug
I have setup Temporal UI and Server using helm charts and deployed in AKS using mysql DB.
I am able to configure authentication using Okta, but all the users in the system able to access all the namespaces and perform write operations.

I am trying to control the access by using default claimMapper using permissions claim in the jwt token, but it is not working.

To Reproduce
I have added below environment variable to web-deployment.yml file

       - name: TEMPORAL_AUTH_ENABLED
          value: 'true'
        - name: TEMPORAL_AUTH_LABEL
          value: 'sso'
        - name: TEMPORAL_AUTH_TYPE
          value: 'oidc'
        - name: TEMPORAL_AUTH_CLIENT_ID
          value: '0oalyiqMAN5d7'
        - name: TEMPORAL_AUTH_CLIENT_SECRET
          value: 'KmudLU-'
        - name: TEMPORAL_AUTH_PROVIDER_URL
          value: 'https://server/oauth2/default'
        - name: TEMPORAL_AUTH_ISSUER_URL
          value: 'https://server/oauth2/default'
        - name: TEMPORAL_AUTH_PROVIDERS_0_AUDIENCE
          value: 'api://default'
        - name: TEMPORAL_AUTH_SCOPES
          value: 'openid,email,profile'
        - name: TEMPORAL_AUTH_AUTHORIZER
          value: default
        - name: TEMPORAL_AUTH_CLAIM_MAPPER
          value: default

And my jwt claim looks like
"permissions": [
"order-dev:write"
]

Expected behavior
After log-in to the temporal UI, I was expecting to see only order-dev namespace data, but able to see all the namespaces

• OS: Windows
• Browser Firefox
• Version 2.32.0 UI