Hi, I have a PKCE application, which uses the default authorization server and I followed the guide at the link below to add a “groups” claim to the id_token. But it doesn’t return the “groups” claim and I am not seeing any errors either. It just returns an id_token without a groups claim.
The guide I followed is at: https://developer.okta.com/docs/guides/customize-tokens-groups-claim/add-groups-claim-org-as/
However, if I add the groups claim to the default org authorization server, then it works regardless of whether I have enabled the “groups” claim for my specific application or not as described in the guide above. My question is why is the groups claim as described in the guide above not working for me?
My second question is why does Okta always return “username” in my access token as my email instead of the actual username without the “@mycompanydomain.com” part?