We want to utilize okta for authentication and to store user’s and machine’s “groups”. These groups will be used for authorization. I’m wondering how we can apply “groups” to our “API Services” for M2M.
For the normal user flow, I was able to make the authorization server return an accessToken that contains all the user’s “groups”. Ultimately, these token’s “groups” would then be passed to our own api to retrieve the list of permissions to check authorization.
For our M2M’s “API Services”, we are able to obtain token using client_credential flow but I need its token to have “groups” assigned to the token as well, similar to the user flow. Is this possible or what what would be the best approach for what I’m trying to accomplish?
I did see a similar question in Access token with groups for a Service application (Machine-to-Machine) but I do not see an a solution for it.