When using client credential how to provide Groups as claim?

Hi, I created a Application with grant type as client credential. I am planning to use this Application for AuthN/AuthZ of APIs. client can use client id and client secret to generate the token. I want generated token should have scope “groups” and values against that scope could be any Group I created in Okta. Directory → Groups.
The problem I am facing is that generated token shows that scope asked was groups but not showing any values against it. I tried providing
custom_claim groups: matches regex .* or any other filter criteria.

When I do below it work and provide me custom_claim as app clientid.
custom_claim app.clientId

This is same like we do in Azure AD when we try to give API Permission inside an Application.


This is not supported at this time. Group expression functions and group filters can only be applied when a user is in context (e.g. a user is requesting tokens, not an application).

You may want to upvote and track a related feature request on our Okta Ideas site: Idea #166547 Include application’s assigned groups into groups claim using client credentials flow | Okta Ideas

Thanks for prompt response! @andrea

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.