Hi – just to follow up and confirm: if I use Okta to log in to my web app and it uses the domain together with client id and secret to make it all work, then, if I want to assign different permissions inside my app depending on which group the user belongs to on Okta then I need the API token and this needs to be created manually?
For context I’m using the REST API (i.e no lib), I get the user id from the id token (the “sub” field) and then use it with $domain/api/v1/users/$userId/groups to get the user’s groups. This last query needs an API token.