I’ve logged my user in by redirecting to the authorization_endpoint with a scope of “groups openid email”. After successful login at that endpoint, the user is redirected back to my application with the code as a GET parameter.
I’m then making a request to the token_endpoint, which returns an id_token and an access_token.
I can extract groups from the access_token returned, but this is not the full list. There are about 50-60 groups depending on the user, and I’m only seeing 7 in the access_token.
So I then make a request to this url: {okta_site}/api/v1/users/me/groups
In the header for this request I’m including an “Authorization” header with the value "Bearer: " + token.
If I include the access_token returned from the step above, I get a 400 internal server error with no information. If I include the id_token returned I get a 401 unauthorized error. This leads me to believe I do have the right endpoint, but there is some error that I’m not seeing.
I’ve tried many other URLs and configurations, and I’ve searched online; this seems to be a common problem, but none of the solutions I found work. If I hit that groups endpoint from my browser after logging into Okta, I can see all of the groups my user should have. How can I get the full list of groups for a user?
Any help would be greatly appreciated.
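Added example (my own code, not the poster's and not Okta's) for the flow described in the question: it reads the groups claim the access_token actually carries, builds the groups-API request with the RFC 6750 bearer header format ("Bearer", one space, token), and diffs the token's claim against the API reply to see which groups the claim is missing. The sample token, group names and https://example.okta.com are constructed placeholders; the reply shape (profile.name per group) is assumed to match Okta's group object; claim decoding here skips signature verification, so it is for inspection only.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # Restore the '=' padding that JWT segments strip before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    # Inspection only: no signature check. A real client must verify the
    # token against the issuer's JWKS (and iss/aud/exp) before trusting claims.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))

def groups_in_token(token: str) -> list:
    # Names in the 'groups' claim; the issuer may filter or cap this list.
    return list(jwt_claims(token).get("groups", []))

def groups_api_request(okta_site: str, access_token: str) -> dict:
    # RFC 6750 bearer scheme: header value is 'Bearer', one space, the token.
    return {
        "method": "GET",
        "url": f"{okta_site}/api/v1/users/me/groups",
        "headers": {"Authorization": f"Bearer {access_token}",
                    "Accept": "application/json"},
    }

def groups_missing_from_token(token: str, api_groups: list) -> list:
    # Names the groups API returns that the token's claim does not carry
    # (assumes each group object carries its name under profile.name).
    in_token = set(groups_in_token(token))
    return [g["profile"]["name"] for g in api_groups
            if g["profile"]["name"] not in in_token]

def unsigned_sample_jwt(claims: dict) -> str:
    # Constructed, unsigned sample token for the demo (not issued by Okta).
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

# Constructed sample data: a token carrying 2 groups, an API reply listing 3.
SAMPLE_TOKEN = unsigned_sample_jwt({"sub": "user@example.com",
                                    "groups": ["Everyone", "Dev"]})
SAMPLE_API_GROUPS = [{"id": "g1", "profile": {"name": "Everyone"}},
                     {"id": "g2", "profile": {"name": "Dev"}},
                     {"id": "g3", "profile": {"name": "Finance"}}]

if __name__ == "__main__":
    print(groups_in_token(SAMPLE_TOKEN))
    print(groups_missing_from_token(SAMPLE_TOKEN, SAMPLE_API_GROUPS))
```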