Thanks a lot for your help!
Unfortunately, I need a solution for Service (Machine-to-machine), while your example is for Single-Page App (SPA). The main difference is that, as I can see from the documentation:
“The Client Credentials flow never has a user context, so you can’t request OpenID scopes. Instead, you must create a custom scope” (https://developer.okta.com/authentication-guide/implementing-authentication/client-creds)
I added a costumeScope as suggested and I updated the claims to associate “groups” to that scope, but nothing changed.
I'll try to give some context.
Forget the front-end side because it’s already working fine.
I have a Service that authenticates to Okta (Application Service Machine-to-Machine). The authentication works fine: I am making a POST to the /token endpoint and I get an access_token as a result. What I am trying to do is to extract from this access token the groups assigned to the related application service.
So, in my case I have in Okta the application Service that I called “ServiceTest” and I assigned to it the groups “admin” and “developers”. When I run my service it authenticates on Okta using the Client Id and the Client Secret that I can find in “ServiceTest”. The authentication works fine and I get the access token as a reply. What I am trying to do now is to get from the access token the claim “groups” (by groups I mean the groups assigned to the “ServiceTest”, so in this case “admin” and “developers”). I tried to use a costumeScope and to associate to it the claim “groups”, but I still get the same claims as before. I tried to do the same using a Single-Page App and in this case I have all the claims that I need. This is what I did in Okta: