What is the correct way to restrict results from our backend based on Okta group membership?
Say we have the groups “Doctor”, “Nurse”, etc., and depending on membership we should control how our DB queries are built, e.g. filtering on various criteria.

- How do I get access to the user groups on the backend (NodeJS + Express)? I see that the backend reports the scopes “profile openid email” and not “groups”. Where do I set that up? On the client-side sign-in widget? Somewhere in the Okta management UI? In the backend config?
- Is that the correct way to go? Should we check group memberships at all for this, or is it possible to set up some other form of access/authorization restriction which would be more idiomatic?
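The following is an added example, not code from the question or from Okta, showing the shape the backend side of this usually takes: a verified access token's "groups" claim is mapped to a per-role, parameterised query, and anything without a recognised group is refused before the database is touched. It assumes the Okta authorization server has been configured to emit a "groups" claim in the access token, and that the token's signature, issuer, audience and expiry were already checked (for example with @okta/jwt-verifier) before `req.claims` was populated; the claim objects, group names and table columns are constructed for illustration.

```javascript
// Added example (not from the original post or from Okta's own code).
// Assumes req.claims holds the claims of an ALREADY verified access token
// whose authorization server adds a "groups" claim.

// Most-privileged role first; the first matching group decides the policy.
const ROLE_PRECEDENCE = ['Doctor', 'Nurse'];

// Each policy yields a parameterised query. The row filter comes from the
// token subject, never from request parameters the client controls.
const POLICY = {
  Doctor: () => ({
    sql: 'SELECT id, name, ward, diagnosis FROM patients',
    params: [],
  }),
  Nurse: (claims) => ({
    sql: 'SELECT id, name, ward FROM patients WHERE assigned_nurse = $1',
    params: [claims.sub],
  }),
};

// Returns the query for the caller's role, or null when no policy applies.
function buildPatientQuery(claims) {
  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  const role = ROLE_PRECEDENCE.find((r) => groups.includes(r));
  if (!role) return null; // no recognised group: deny by default
  return POLICY[role](claims);
}

// Express-style middleware: rejects before any DB access when no policy applies.
function scopeQuery(req, res, next) {
  const query = buildPatientQuery(req.claims || {});
  if (!query) return res.status(403).json({ error: 'forbidden' });
  req.patientQuery = query; // the route handler runs exactly this query
  return next();
}

// Constructed sample claims, shaped like a verifier's decoded output (not real tokens).
const nurseClaims = { sub: 'nurse@example.com', groups: ['Everyone', 'Nurse'] };
const visitorClaims = { sub: 'guest@example.com', groups: ['Everyone'] };
```

A route would then be `app.get('/patients', scopeQuery, handler)` with `handler` executing `req.patientQuery.sql` and `req.patientQuery.params` against the database.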