Method Security with Spring Security and PreAuthorize

Matt Raible

Yes, you can add a groups claim to your access token. Just go to API > Authorization Servers > default > Claims > Add Claim.

Raju N

Yes, I added the groups claim (it is capitalized, replicating our organisation's authz server claim). But I'm not getting it in the user attributes in Spring Boot. https://uploads.disquscdn.c…

Matt Raible

The default is groups, so it's probably not working with your claim's name. You can change it in your configuration.

okta.oauth2.groupsClaim=Groups

Raju N

Yep, I added okta.oauth2.groups-claim=Groups. It worked with the ID token but not with the access token.

Kalin Wilson

Perhaps the author could update the article to be correct? I had to make the scope list comma separated, and define the ‘username’ field in the Okta application-user mapping in order to work my way through the article. Good article, but please fix the errors rather than force us to read all of the comments looking for fixes.

Matt Raible

If you use the same version of Spring Boot that this tutorial uses (2.1.5), I'm confident this article is up-to-date. If we kept all our Spring Boot posts up-to-date with the latest releases, we'd never have time to write new posts! 🙂

Akash Mulik

Awesome article. Got too much clarity on claims, roles, scopes, groups, @PreAuthorize.
Thank you so much!!

Igor

Excellent article, thanks!

I suppose I could also evaluate certain claims in @PreAuthorize to e.g. not be blank (non-empty, non-null) using SpEL, too, right? Say: @PreAuthorize("java(!package.StringUtils.isBlank(TokenHelper.getCompany())) || hasRole('Admin'))") ?

Matt Raible

I'm not a SpEL expert, but I believe so. If it doesn't work, please let us know.

I believe that @EnableGlobalMethodSecurity has been replaced with @EnableMethodSecurity; see "@EnableMethodSecurity introduced a more flexible way of configuring authorization for method security".

Thanks for the heads up, @mwoollen !
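Pulling together Igor's question (a non-blank claim check inside @PreAuthorize) and the later note that @EnableMethodSecurity replaces @EnableGlobalMethodSecurity, here is an added example that is not from the article or the commenters. It assumes a Spring Security 5.6+ resource server whose principal is a Jwt, a hypothetical "company" claim, and a hypothetical bean named claimGuard that does the null/blank handling in Java so the SpEL stays short.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

// Spring Security 5.6+: @EnableMethodSecurity replaces @EnableGlobalMethodSecurity
// and enables @PreAuthorize/@PostAuthorize by default (prePostEnabled = true).
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
}

// Referenced from SpEL as @claimGuard. Keeping the null/blank logic here avoids a
// long expression in the annotation and is easier to unit test.
@Component("claimGuard")
class ClaimGuard {

    // True only when the access token carries a non-blank "company" claim
    // (hypothetical claim name). Assumption: the principal is a Jwt, which is the
    // case for the oauth2ResourceServer().jwt() setup.
    public boolean hasCompany(Authentication authentication) {
        if (authentication == null || !(authentication.getPrincipal() instanceof Jwt jwt)) {
            return false;
        }
        String company = jwt.getClaimAsString("company");
        return company != null && !company.isBlank();
    }
}

@Service
class ReportService {

    // "authentication" is a built-in variable in method-security SpEL.
    // hasRole('Admin') matches the authority ROLE_Admin; use hasAuthority('Admin')
    // if your groups claim is mapped to authorities without the ROLE_ prefix.
    // Callers failing both checks get an AccessDeniedException before the body runs.
    @PreAuthorize("@claimGuard.hasCompany(authentication) or hasRole('Admin')")
    public String companyReport() {
        return "report";
    }
}
```

Because the bean method is plain Java, the "claim present and non-blank" rule can be covered by a unit test without any SpEL evaluation.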