I also have run across a need for what @mgremont was asking help with. This post helped me find another method to meet my requirements. Here’s what I did:
- Using an Okta API token, POST the following to https://{{okta.domain}}/api/v1/apps

  ```json
  {
    "name": "oidc_client",
    "label": "Sample OAuth Service",
    "signOnMode": "OPENID_CONNECT",
    "credentials": {
      "oauthClient": {
        "token_endpoint_auth_method": "client_secret_basic"
      }
    },
    "settings": {
      "oauthClient": {
        "client_uri": "http://localhost:8080",
        "logo_uri": "http://developer.okta.com/assets/images/logo-new.png",
        "redirect_uris": [],
        "response_types": [
          "token"
        ],
        "grant_types": [
          "client_credentials"
        ],
        "application_type": "service"
      }
    },
    "profile": {
      "groups": [
        "Admin"
      ]
    }
  }
  ```

  ("Admin" in profile.groups <-- the groups you want for the app)
- In my auth server:
- Check it in Token Preview. There should be a token claim called “groups” with the groups set in the initial profile.