How to return entitlements in Access Token?

We have a requirement where we need to return all the groups that the user has access to.

I have created the below entitlement under claims for my authorization servers, but I am not seeing any entitlements in the access token when I unpack it using JWT.IO.

Hi @SNAmigo, are these groups Okta groups, or are they synced from AD?


Okta groups that I have created manually. @louie

@SNAmigo did you set this up in your Okta Org Authorization Server (Authorization servers | Okta Developer) or the Custom Authorization Server Template called Default (Authorization servers | Okta Developer)? Perhaps you are calling the wrong server. It matters which server you are calling so that it is present in the token.


I am using the default custom authorization server. It is the only one that is active.
Is there a way to test our configuration within the Okta console instead of calling an API?

@SNAmigo unfortunately no Okta console but I recommend using this debugger tool - be sure to add the redirect URL to your OIDC Application in your Okta dashboard. Look out for common issues I explain here: Okta Authorization Servers for OpenID Connect and OAuth 2.0 Integrations (YouTube).


@SNAmigo your web app setup (for example) should look like this on Okta side:

OIDC Debugger tool side:

Note: We are only using the implicit grant flow - skipping the code exchange step for testing purposes only; we don’t recommend using this flow in general so disable this on your OIDC app setup (Okta dashboard) when you are done testing.
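An added example, not written by anyone in this thread and not Okta's own code: a local check of the two things discussed above, namely which authorization server issued an access token (from its `iss` claim) and whether the expected claim is in it. The claim name `groups`, the domain `example.okta.com` and the sample tokens are assumptions constructed for illustration; the signature is not verified, so this is for inspection only.

```python
import base64
import json
from urllib.parse import urlparse


def decode_segment(segment: str) -> dict:
    """Base64url-decode one JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_access_token(token: str, claim_name: str = "groups") -> dict:
    """Report the issuing server type and whether claim_name is present.
    Inspection only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = decode_segment(parts[1])
    issuer = payload.get("iss", "")
    path = urlparse(issuer).path.strip("/").split("/")
    # Custom authorization servers issue tokens whose iss ends in /oauth2/<id>;
    # the org authorization server uses the bare org URL as iss.
    if len(path) == 2 and path[0] == "oauth2":
        server = f"custom:{path[1]}"
    elif path == [""]:
        server = "org"
    else:
        server = "unknown"
    value = payload.get(claim_name)  # claim_name is an assumed, configurable name
    return {"issuer": issuer, "server": server, "scopes": payload.get("scp", []),
            "claim_present": value is not None, "claim_value": value}


def make_sample_token(payload: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'constructed'})}.{enc(payload)}.c2ln"


if __name__ == "__main__":
    # Constructed payloads; example.okta.com is a placeholder org domain.
    with_claim = make_sample_token({"iss": "https://example.okta.com/oauth2/default",
                                    "scp": ["openid"], "groups": ["Admins", "Everyone"]})
    org_token = make_sample_token({"iss": "https://example.okta.com", "scp": ["openid"]})
    for tok in (with_claim, org_token):
        print(inspect_access_token(tok))
```

If `server` comes back as `org` while the claim was defined on a custom authorization server, the request went to the wrong issuer, which is the situation raised earlier in the thread.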