Hello, I’m currently using OIDC and have my own authenticator.
There I call the /introspect API with the provided token from the user. I also need to find out the groups that this user belongs to in order to do some customizations; I couldn’t find an API that returns that for the user, though. Is there any?
Yup, I agree with @phi1ipp’s recommendation. Use Groups Claims to store the group membership information within the user’s tokens or Userinfo output. Additionally, end-users do not have sufficient Admin permissions to make an API request to get the list of groups they’re a member of themselves.
You will not be sending the token to the Introspect endpoint to get this information. The groups claim will be present either in the token payload directly or at the /Userinfo endpoint, not /Introspect.
Do you still have this issue if you request an actual token? I believe Token Preview might have a limitation where it cannot display the groups claim when it evaluates to over 100 matching groups, but an actual token should work fine.
Hello Daniel, tagging in here to verify the settings on your Authorization Server. I did some repro and I think we should try setting it to “Groups” and then the Filter to “Matches regex” - also, please make sure you are using .* exactly, as that should read all Okta groups. I’ve included a screenshot to align this to, which will hopefully assist. Let us know if this works!
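Added example (not from any poster in this thread and not Okta's code): once a Groups claim is configured, a custom authenticator can read the groups from the token payload after validating the token, and fall back to the /userinfo endpoint when the claim is absent. It assumes the claim is named "groups", and it uses a constructed HS256 token and key so that it runs offline with the standard library; a real token has to be verified against the authorization server's published signing keys with a JWT library instead.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's signing key

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_demo_token(claims, key=DEMO_KEY):
    """Build a constructed HS256 token so the example runs offline."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verified_claims(token, key=DEMO_KEY, now=None):
    """Return the payload only if the signature and expiry both check out."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pin the algorithm expected
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body_b64))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            raise ValueError("expired")
    except (ValueError, TypeError) as exc:
        raise ValueError(f"token rejected: {exc}") from None
    return claims

def groups_from_claims(claims, claim_name="groups"):
    """Return the group list, or None when the claim is absent (then ask /userinfo)."""
    value = claims.get(claim_name)
    if value is None:
        return None
    if isinstance(value, str):  # defensive: accept one group given as a bare string
        value = [value]
    if not (isinstance(value, list) and all(isinstance(g, str) for g in value)):
        raise ValueError("groups claim is not a list of strings")
    return value
```

A None result from groups_from_claims is the signal to request the claim from /userinfo with the user's access token rather than treating the user as having no groups.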