Hi Okta Team,
Currently I’m using a free Okta Developer account and the OAuth flow.
Basically I’m trying to get the users and groups information (/api/v1/groups/{groupID}/users and /api/v1/groups) using a token.
The token is generated by using JWTAssertion and by passing grant_type=client_credentials, scope=okta.groups.read. I’m able to get the access_token, but the groups and users APIs are giving me the following error: "errorCode":"E0000006","errorSummary":"You do not have permission to perform the requested action". I’m trying to get the groups info using the OAuth2 flow, not using an API Token.
If you are trying to use an OAuth token against Okta’s APIs, you need to ensure that the OIDC client you created (presumably an API Service application in your case, as you mention using Client Credentials grant) has both the scope you are requesting enabled AND it is assigned an admin role with sufficient permissions to access the resource.
That error makes me think the latter was missed and this service app was either not assigned an Admin Role or was not assigned an Admin role with access to read User and Group information.
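A small triage helper for the two conditions named in the answer, added here as an example (it is not code from the poster or from Okta). It assumes the access token is a JWT that lists its granted scopes in an `scp` claim. The sample token and client id are constructed, and the function names are hypothetical.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def triage(token: str, required_scope: str, status: int, body: str) -> str:
    """Map a failed API call to the scope check or the admin-role check."""
    if status < 400:
        return "ok"
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    error_code = parsed.get("errorCode") if isinstance(parsed, dict) else None
    if error_code != "E0000006":
        return "other-error"
    scopes = jwt_claims(token).get("scp", [])  # assumption: scopes live in "scp"
    if isinstance(scopes, str):
        scopes = scopes.split()
    if required_scope not in scopes:
        return "scope-not-in-token"   # scope not granted to / requested by the app
    return "check-admin-role"         # scope is present, so look at the admin role

def make_sample_token(scopes: list) -> str:
    """Build a constructed, unsigned sample token (not a real Okta token)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"cid": "0oa_example_client", "scp": scopes}  # constructed values
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])

# Error body as quoted in the question above.
SAMPLE_403 = ('{"errorCode":"E0000006","errorSummary":'
              '"You do not have permission to perform the requested action"}')

if __name__ == "__main__":
    tok = make_sample_token(["okta.groups.read"])
    print(triage(tok, "okta.groups.read", 403, SAMPLE_403))
```

The signature is deliberately not verified because the decode is only used to read back what the token claims to carry; never use this decode path for an authorization decision.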