Hi all,
I apologise in advance if this question is from my ignorance of how Okta works (as I’ve only recently started working with it).
Presently I’m using the OpenIdConnect call to establish an Okta session.
And this allows vision on these attributes (via the /userInfo call, when the session is established)
e.g.:
{
  "sub": "xxxxxxxxxxxxxxxxxxxxx",
  "name": "John Smith",
  "locale": "AU",
  "preferred_username": "john.smith@nowhere.com",
  "given_name": "John",
  "family_name": "Smith",
  "zoneinfo": "America/Los_Angeles",
  "updated_at": 1667464743
}
To retrieve the roles of a specific user, this API call was used: /api/v1/users/[userID]/groups (Users | Okta Developer), which worked fine during testing on UAT.
But our client isn’t keen on providing an API token to their database.
However, the user’s role needs to be known for implementing tiered access functionality to the website for each Okta session.
Our client claims it should be possible to retrieve this via querying attributes, but how are Okta session attributes accessed (outside of those listed above)? Is there another call somewhere that does this (without the need of an API token)?
If this just isn’t possible without an API token, that would be good to know, at least then I can go back to the client with a specific request: please give me API access.
I’m attempting to do this in C#.
Thanks for your time.