Having Trouble Return Groups to id_token


I’m following the guide “Add a Groups claim for the Org Authorization Server”. I’ve followed the instructions, but I don’t see a “groups” attribute in my Token Preview. I think I might be mixed up in the groups / scopes configuration.

Here’s what I’ve done so far.

  1. In the Directory, created a group
  2. Added the user to the group
  3. Added the app to the group
  4. In the API, added a scope called “groups”
  5. In the app, set a Filter to “groups” regex match .*
  6. Form a Token Preview with the scope “openid” and “groups”.

I get a token back, but it doesn’t have the groups.


I’ve also moved to an Authorization Server that I created (“custom”) rather than default. I’ve been working with the groups claim. I’m currently using this setting

getFilteredGroups as getFilteredGroups({“XXX”}, “group.name”, 100)

I scraped the XXX from the HTML. It’s an ID of the same form as in the docs.

I’m faring better today. It looks like my problem was with a poorly-formed Claim. I was trying to enter a filter expression and simply had to switch over to a value type of 'groups". Then, I used a loose regex (.*) and all my groups appear at the toplevel of the token.


This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.