I’ve set up Okta authentication using a dev account for a simple nodejs / express app. I’m trying to determine which groups the user belongs to without success. I’m new to Okta and only have a little experience with using oauth2, so I’m sure I’m missing something obvious.
I have created the groups, required them for the app, and added them to my one and only user:
I am dumping the returned user context data from my express page after login. The second console.log is redundant but what the heck… I’m desperate!
The output does not contain the expected groups data when I log in:
I’ve looked at other threads about determining groups, but I must have missed something. Is there an example that outlines how to do this? A troubleshooting checklist? It seems like a common enough requirement. Thanks for your time!
Hey there! What happens if you try including groups in the id token and/or userinfo request instead? If you want to return all groups for a user, I’d also recommend using the “Matches regex” filter option, where the expression would be: .*
Thanks so much for the speedy and helpful response tyty… Changing the claim to an ID token type did the trick. Much appreciated!
I left the filter alone and it seems ok. I did a quick test, and if I add a group that isn’t linked to the application, but still matches the filter it still comes through. I’d like to filter out groups I’m not interested in as much as I reasonably can.
There’s no built-in way to filter out groups based on the groups assigned to the application, which is why we typically recommend making groups in Okta whose name starts with a specific string, such as “Application A”, and creating individual groups in this fashion for any roles your application has, e.g. “Application A - Admins”, “Application A - Read Only”, “Application A - End Users”, etc.
If you name the groups that your application needs to know about like that, then you can configure your claim expression to do a substring match for “Application A” and then only groups that start with that string will be included in the claim.
Thanks Andrea. That’s the approach I was going for, starting these groups with Mileage, so it looks like I’m on the right track, and with tyty’s tweak to my configuration I think I’m off to the races.
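An application-side check to pair with the prefix naming convention discussed in this thread, as an added example that is not part of the original posts or Okta's own code. Because groups not assigned to the application still arrive in the claim when they match the filter, the app matches the full "Mileage - " prefix with its delimiter and keeps only roles it defines. The names `APP_PREFIX`, `KNOWN_ROLES`, `rolesFromClaims` and `requireRole`, the claim name `groups`, the location `req.userContext.userinfo` and the sample group names are assumptions.

```javascript
// Added example; all names here are hypothetical, not taken from the thread.
const APP_PREFIX = 'Mileage - '; // assumed convention: "<App> - <Role>"
const KNOWN_ROLES = new Set(['Admins', 'Read Only', 'End Users']);

// Reduce the raw groups claim to the roles this application recognises.
function rolesFromClaims(claims, claimName = 'groups') {
  const raw = claims && claims[claimName];
  // The claim may be absent (not added to the ID token) or a single string.
  const groups = Array.isArray(raw) ? raw : typeof raw === 'string' ? [raw] : [];
  const roles = new Set();
  for (const g of groups) {
    // Match prefix plus delimiter so "MileageReports - Admins" is not accepted.
    if (typeof g !== 'string' || !g.startsWith(APP_PREFIX)) continue;
    const role = g.slice(APP_PREFIX.length);
    if (KNOWN_ROLES.has(role)) roles.add(role); // drop roles the app never defined
  }
  return [...roles].sort();
}

// Express-style middleware. Assumes the OIDC library in use exposes the
// token claims at req.userContext.userinfo.
function requireRole(role) {
  return (req, res, next) => {
    const claims = req.userContext && req.userContext.userinfo;
    if (rolesFromClaims(claims).includes(role)) return next();
    res.status(403).send('Forbidden');
  };
}

// Constructed sample claims, not output from a real tenant.
const sampleClaims = {
  sub: '00u-constructed',
  groups: ['Everyone', 'Mileage - Admins', 'MileageReports - Admins', 'Mileage - Auditors'],
};
console.log(rolesFromClaims(sampleClaims));
```

Routes would then be guarded with `requireRole('Admins')` placed after the login middleware, so a missing or empty claim fails closed with a 403.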