Get user's groups in OIN OIDC application

Hi!

My company would like to add Okta authentication to our solution.
It has been a request from several customers.

We would like to create an OIN OIDC application.

Our solution features different roles.
We would like to map Okta groups to our roles.
Like so, our customers could grant their users different roles by assigning them to certain Okta groups directly from Okta admin page.

Is there a way to access the groups of an authenticated user of an OIN OIDC application?

The problem is that OIN OIDC applications do not support custom authorization servers. So we cannot use custom claims and scopes.

I found this 1 year old topic that tries to solve the same problem without success: How to make an app with multiple permission levels?

The only solution I can come up with is to ask our customers to give us an API token (API key) so we can call their REST API endpoints. I think it is asking for a lot of privilege just to be able to read a user’s groups. So we would prefer not to ask them an API token.

What would you recommend us to solve our problem?

Maybe some of my understandings of Okta are incorrect? In that case please correct me.
Also, feel free to ask me for any clarifications if needed.

Thanks in advance

Maybe my question is unclear, so let me phrase it another way:

Is it possible to get the groups of a user in an OIN OIDC application without an API token?