OpenID: Claimed Groups Are Missing

I have an Okta App for openid authentication.

The application claims all groups, with groups Matches regex .*:

In the OpenID auth flow, after getting an authorization code back from Okta, I exchange it for an access token. I am using scopes openid and groups, but the access token does not contain the user’s groups. When decoded, the access token looks like this:

The user I’m testing with does belong to groups in Okta. I have clicked “Refresh Application Data” per the documentation, to no avail.

When you use a flow that returns both an access token and an id token, minimal claims are returned in the token. You will need to use the /userinfo endpoint to retrieve the additional claims. You can find more details in the article below.


That worked. Thank you!
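
Added example, not part of the original thread and not Okta's own code: a Python sketch of the fallback the accepted answer describes, reading `groups` from the ID token when present and otherwise calling `/userinfo` with the access token, then checking that the response's `sub` matches the ID token. The function names, the `example.okta.invalid` URLs and the sample tokens are constructed assumptions; the ID token's signature is assumed to be validated elsewhere.

```python
import base64
import json
import urllib.request


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def http_userinfo(userinfo_url, access_token):
    """GET the userinfo endpoint, presenting the access token as a Bearer credential."""
    req = urllib.request.Request(
        userinfo_url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def resolve_groups(id_token, access_token, userinfo_url, fetch=http_userinfo):
    """Return groups from the ID token if present, otherwise from /userinfo."""
    id_claims = jwt_claims(id_token)
    if "groups" in id_claims:
        return list(id_claims["groups"])
    info = fetch(userinfo_url, access_token)
    # OIDC Core requires the userinfo 'sub' to equal the ID token 'sub';
    # reject the response otherwise so claims from another user are never used.
    if info.get("sub") != id_claims.get("sub"):
        raise ValueError("userinfo 'sub' does not match ID token 'sub'")
    return list(info.get("groups", []))


def make_unsigned_jwt(claims):
    """Build a constructed, unsigned sample token (test data only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


if __name__ == "__main__":
    # Constructed sample: a thin ID token without 'groups', and a stubbed response.
    thin = make_unsigned_jwt({"sub": "00u-sample", "iss": "https://example.okta.invalid"})
    stub = lambda url, tok: {"sub": "00u-sample", "groups": ["Everyone", "Admins"]}
    print(resolve_groups(thin, "sample-access-token",
                         "https://example.okta.invalid/oauth2/v1/userinfo", stub))
```

In a real application, pass the userinfo URL advertised by the authorization server and leave `fetch` at its default so the request goes over HTTPS.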
