Is it possible to assign "groups" to a token in the client credential flow for M2M?

We want to utilize Okta for authentication and to store user’s and machine’s “groups”. These groups will be used for authorization. I’m wondering how we can apply “groups” to our “API Services” for M2M.

For the normal user flow, I was able to make the authorization server return an accessToken that contains all the user’s “groups”. Ultimately, the token’s “groups” would then be passed to our own API to retrieve the list of permissions to check authorization.

For our M2M’s “API Services”, we are able to obtain a token using the client_credential flow, but I need its token to have “groups” assigned to it as well, similar to the user flow. Is this possible, or what would be the best approach for what I’m trying to accomplish?

I did see a similar question in Access token with groups for a Service application (Machine-to-Machine) but I do not see a solution for it.

Thank you.

Never mind, I just found out it was not possible atm according to When using client credential how to provide Groups as claim?

Is there an alternative approach for what I’m trying to accomplish besides having our own application store an application’s role?

1 Like

When you say “having our own application store an application’s role”, do you mean create custom scopes and claims?
I am currently using custom scopes and claims for M2M client_credential flow.
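
One way an API could resolve "groups" the same way for user tokens and client-credentials tokens when the M2M groups arrive through a custom claim or custom scopes, as the reply above describes. This is an added example, not code from the thread or from Okta: the claim name `app_groups`, the `group:` scope prefix, the `scp` claim name and the permission table are assumptions, and the claim sets are assumed to come from tokens whose signature, issuer, audience and expiry were already verified.

```python
GROUPS_CLAIM = "groups"          # claim name assumed for the user flow
M2M_GROUPS_CLAIM = "app_groups"  # hypothetical custom claim for API Services
SCOPE_CLAIM = "scp"              # assumed name of the scope-list claim
SCOPE_PREFIX = "group:"          # hypothetical custom-scope naming convention

# Constructed table standing in for the permission lookup in your own API.
GROUP_PERMISSIONS = {
    "billing-admins": {"invoice:read", "invoice:write"},
    "report-readers": {"report:read"},
}

# Constructed, already-verified claim sets (signature, iss, aud, exp checked).
USER_TOKEN = {"sub": "alice@example.com", "groups": ["billing-admins"]}
M2M_CLAIM_TOKEN = {"sub": "svc-reports", "app_groups": ["report-readers"]}
M2M_SCOPE_TOKEN = {"sub": "svc-reports", "scp": ["api.read", "group:report-readers"]}
MALFORMED_TOKEN = {"sub": "svc-x", "app_groups": "billing-admins"}  # string, not list


def _strings(value, space_delimited=False):
    """Return the non-empty strings in a list claim; ignore any other type."""
    if space_delimited and isinstance(value, str):
        value = value.split()
    if not isinstance(value, list):
        return []
    return [v for v in value if isinstance(v, str) and v]


def resolve_groups(claims):
    """Collect groups from the user claim, the M2M claim and prefixed scopes."""
    groups = set(_strings(claims.get(GROUPS_CLAIM)))
    groups.update(_strings(claims.get(M2M_GROUPS_CLAIM)))
    for scope in _strings(claims.get(SCOPE_CLAIM), space_delimited=True):
        if scope.startswith(SCOPE_PREFIX) and len(scope) > len(SCOPE_PREFIX):
            groups.add(scope[len(SCOPE_PREFIX):])
    return groups


def permissions_for(claims):
    """Union of permissions for known groups; unknown groups grant nothing."""
    perms = set()
    for group in resolve_groups(claims):
        perms |= GROUP_PERMISSIONS.get(group, set())
    return perms


def is_allowed(claims, permission):
    return permission in permissions_for(claims)
```

A group claim of the wrong type and a group name missing from the table both resolve to no permissions, so a misconfigured claim fails closed.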