No Groups Returned from /userinfo

I’m attempting to get a user’s groups from an authorization code flow, but it is not being returned from the /userinfo endpoint after the access token is returned. Any ideas?

Environment overview:

  • Okta developer trial account
  • Authorization client grant types: [authorization code, refresh token]
  • OpenID Connect Token > Groups claim type: “Filter”
  • OpenID Connect Token > Groups claims filter: groups Starts with .*


  1. Initiate login:
  1. User authenticates and code is sent to redirect URI
  2. Code is exchanged for user access token.
  3. Request is sent to user info with issued access token:
  1. Response does not contain groups:
    "sub": "00",
    "email": "",
    "email_verified": true

I am aware that the auth code flow returns a thin token with no groups claims, but the request to the userinfo endpoint should return the group claims as specified in the docs.

I needed to set the Groups claim filter to matches regex rather than starts with for the regex expression to work.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.