Implemented okta auth via signin widget in angular 17 app. Signin works well and from the this._oktaStateService.authState$ I can see isAuthenticated: true and “Groups”: [ “Everyone”, “readOnly” ].
But <li *oktaHasAnyGroup="['admin']"
and this._oktaStateService.hasAnyGroups['canEdit']
generates a 401 error.
In the response headers I see
www-authenticate
Bearer authorization_uri="http://dev-02808097.okta.com/oauth2/v1/authorize", realm="http://dev-02808097.okta.com", scope="openid", error="invalid_token", error_description="The access token is invalid.", resource="/oauth2/default/v1/userinfo"
The authorization_uri is missing the default. I have the following in app.module.ts
const oktaAuth = new OktaAuth({
issuer: 'https://dev-02808097.okta.com/oauth2/default',
clientId: 'xxx',
redirectUri: window.location.origin + '/login/callback',
authorizeUrl: 'https://dev-02808097.okta.com/oauth2/default/v1/authorize',
});
So I am not sure where to proceed from here. I could pick apart the authstate$ to look for groups but it would be better if the hasAnyGroup functions did not get a 401.
This appears to be very similar to 401 on /userinfo but not really.