Using Okta groups with permissions authorization in


I have a react spa with application. We would like to do the following:

  1. Create a permission called “Delete”
  2. Create a role called “Manager” and “Supervisor”
  3. Add the permission “Delete” to both “Manager” and “Supervisor”
  4. Then we would ultimately like to do something like [Authorize("Delete)]

We were able to create a group called “Delete” and assign it to both groups “Manager” and “Supervisor” using the group rules. So it looks like [Authorize(Roles = "Delete)]. However, this will become very messy. Is there a better way to do this?

I would something like what is shown with auth0 in JWT Bearer Authentication and Authorization for ASP.NET Core 5 –

And if there’s no way to do something like this now, is there any plans for this feature in the future?

Appreciate any feedback. Thanks

OAuth and bearer tokens are a fundamental part of what Okta provides. The tokens are configured and served from the authorization servers: Security → API → first tab, authorization servers. It can be configured so particular users are granted particular scopes, which show up in the access token. OAuth requests to the authorization server are made from an application to request tokens. See the OAuth API in the developer reference, and look at the .NET SDK: Add user authentication and Okta Resource Management to your ASP.NET Core app | Okta Developer.