How to Secure Your .NET Web API with Token Authentication

Tommy Wu

In your Okta org, go to Security | API | Authorization Servers | [name] | Access Policies and then create a policy, adding rules allowing individuals or groups to access that endpoint.

David McCarter

It would be helpful if this article also showed how to call the API from the client. Also, possibly update it to use the new Okta.AspNetCore NuGet package.

Hexa Dulce`

Has there been an updated version of this posted anywhere? Current dotnet version
dotnet --version
5.0.100

Erik

A similar sample can be found here; it used 3.1.8.

Mark Nadig

Is it possible to add the application to a group so authentication via access_token would return the group membership?
I’ve created a group “Provisioner” and assigned the app via Directory -> Groups -> Provisioner -> Apps tab.
Under Security -> API -> Authorized Servers tab, selected the “default” server, Claims tab, added a “roles” claim with “groups: matches regex .*” for any scope, type access, always included. However, the JWT returned is not including the roles claims either in practice or in the Token Preview tool.

+1 to what David said. Been struggling with this from the client’s perspective for a few days now.