Yes, this is the correct approach. By default, the scope groups is not automatically configured for custom authorization servers and needs to be manually added, together with a claim to retrieve the user’s group memberships.
@sanguyen That document provides the steps for configuring the “groups” claim when you’re using the Okta Org as the authorization server (oauth2/v1/authorize). When you’re using a custom authorization server (oauth2/default/v1/authorize), you can setup custom scopes and claims using the method that Robinyo demonstrated.
I know this is old, but I have tried everything above and groups is still not showing in the Token Preview. By everything, I mean every combination I could try
Default server using the “Groups” on the main App screen
Default server also tried manually adding scopes/claims but I think as @warren pointed out that should not be necessary?
Custom Auth Server - all steps above, and fiddled around with individual settings like Pattern/Group, all .* etc.
All users are assigned to “User - Admin” to give this a shot
Definitely passing the scope “groups” as this was giving me errors until I went to Security → Scopes and allowed it.
Using the Token Preview, have tried all combinations within PKCE / Implicit.