Returning Groups in the OpenID connect userinfo API call, AGAIN

Questions OAuth/OIDC
1

Im trying to get log user info and I need group info in access token.

Created application , users , groups. Create claim and assign claim to application. In claim preview I’m geting info

{
“sub”: “00ufwy7u3cV81lp2A0h7”,
“ver”: 1,
“iss”: “https://dev-417079.oktapreview.com/oauth2/default”,
“aud”: “0oafx619teiAXwHwV0h7”,
“iat”: 1534515075,
“exp”: 1534518675,
“jti”: “ID.S1qATQ6yfMdUzax2r2VHdpXoQkllgjyJ05J3_ZrkRc4”,
“amr”: [
“pwd”
],
“idp”: “00ofwy5ethfKmbQhv0h7”,
“nonce”: “nonce”,
“auth_time”: 1000,
“at_hash”: “preview_at_hash”,
“groups”: [
“Everyone”,
travelers
]
}

but when I calling this over API I dont get group info !!!

response: {“sub”:“00ufwy7u3cV81lp2A0h7”,
“name”:“World Traveler”,
“locale”:“en-US”,
preferred_username":"traveler1@gmail.com”,
“given_name”:“See”,
“family_name”:“World”,
“zoneinfo”:“America/Los_Angeles”,“updated_at”:1534386515}

???Why …what is wrong

my curl command

curl -X POST
https://dev-417079.oktapreview.com/oauth2/v1/token
-H ‘Accept: application/json’
-H ‘Authorization: Basic MG9hZnk1ZDU4NndKNlNXNEowaDc6dTNCU2xGTHlZNjRVZVA4QnR2RXhSZUI0UkQ1LVd6NEdLT0IxX3BTeQ==’
-H ‘Cache-Control: no-cache’
-H ‘Content-Type: application/x-www-form-urlencoded’
-H ‘Postman-Token: f516430e-1a47-47c2-81cf-09a20f6e5a31’
-d ‘username=traveler3%40gmail.com&password=Qwerty751!&grant_type=password&scope=openid%20groups%20profile’

2

Any one ? This is a show stopper for me ! Help

3

Hi @lpastor - Can you verify that you’ve correctly added the Groups regex to your claim policy? If you haven’t already done so, there are a few forum posts that walk you through how to do this:

  1. Returning Groups in the OpenID Connect User Info API Call
  2. Get Groups in ID Token
4

Hi jmelberg

I read both articles and I did the claim with group
in ID I create claim groups with getFilteredGroups(app.profile.groupwhitelist, “group.name”, 40)
in Access create claim groups clim with Regex .*

40%20PM
Screen Shot 2018-09-04 at 1.24.40 PM.png1452×408 27 KB

preview token works fine

04%20PM
Screen Shot 2018-09-04 at 1.26.04 PM.png2028×1084 241 KB
05%20PM
Screen Shot 2018-09-04 at 1.27.05 PM.png2048×1092 275 KB

but when I asking over curl I don’t getting group info ???

curl command

curl -X POST
https://dev-xxx.oktapreview.com/oauth2/v1/token
-H ‘Accept: application/json’
-H ‘Authorization: Basic MG9hZnk1ZDU4NndKNlNXNEowaDc6dTNCU2xGTHlZNjRVZVA4QnR2RXhSZUI0UkQ1LVd6NEdLT0IxX3BTeQ==’
-H ‘Cache-Control: no-cache’
-H ‘Content-Type: application/x-www-form-urlencoded’
-H ‘Postman-Token: bc992232-f1b3-45f9-9613-60b17b531d18’
-d ‘username=xxx&password=xxxx&grant_type=password&scope=openid%20groups%20profile’

what is wrong ??

5

Anyone ? This is a big show stopper for POC that Im . building for customer.

6

@lpastor Which authorization server did you use to do the token preview?

You are missing an authorization server ID in your curl call. It should be like:

curl -X POST https://dev-xxx.oktapreview.com/oauth2/{authorizationServerId}/v1/token