Hi,

We have an Oauth2 app (OIDC - Web app) and after authenticating with it we are trying to hit this endpoint integrations/api/v1/api-services/ but for some reason we are getting `403 - Forbidden`

​

```json

{

 "errorCode": "E0000006",

 "errorSummary": "You do not have permission to perform the requested action",

 "errorLink": "E0000006",

 "errorId": "oaejnZ2oM4pQPyWy-buEDEBEA",

 "errorCauses": []

}

```​

1. We are requesting the scope `okta.oauthIntegrations.read` during Oauth2 process
2. The OAuth2 app has this scope granted
3. The user who is logging in during the OAuth flow has "Read-Only Administrator" Role
4. Inspecting the token we got from OAuth I see the scope is there (picture)

Are we missing something here, or this scope is not working ?

I'm working on integrating Okta into a Spring Boot webapp + Angular webapp. I've got the primary login with username/password and code challenge working. That's been fairly easy. However, I've had to use redirects via a URL HTML window change vs. fully utilizing the OAuth2 flow. That has resulted in the webapp's lack of session state. I've followed several of the Spring and JS examples, but I haven't had much luck. I'm trying to utilize the API to close the gap. I have a Service Application in my Okta account and I'm using those credentials to access the Okta API. I'm able to utilize the User API (List All Users, for example), but not the Session API. Is there something I might not be enabling correctly in my Okta Service Application? I have the following grants and token:

okta.myAccount.sessions.manage

okta.sessions.manage

okta.sessions.read

My token privilege is:

Privilege / Role

Super Admin

Type

Okta API

I've used curl, Postman, and the Java API clients, but they all fail when I try to access the Session API. Thanks for your help!

Hi,

The Okta Expression Language reference says that the language is based on Spring Expression Language.

In the Spring Expression Language, there is an operator called the "Elvis Operator" `?:` that provides a default value for an expression, if that expression is null or blank. See https://docs.spring.io/spring-framework/reference/core/expressions/language-ref/operator-elvis.html

The Okta documentation doesn't mention this operator at all, and seems like it would quite helpful in situations like this knowledge base article where the Groups.contains() function returns null if no groups match.

Through experimentation, it seems that the Okta Expression Langugage _DOES_ support this operator (at least as a Groups claim expression on an OpenID Connect app)

for example, the guidance offered in that knowledge base article:

Arrays.isEmpty(Arrays.toCsvString(Groups.startsWith("active_directory","A_SUBSTRING",100))) ?

Arrays.isEmpty(Arrays.toCsvString(Groups.startsWith("active_directory","APP_B",100))) ? {} : Groups.startsWith("active_directory","APP_B",100) :

Arrays.isEmpty(Arrays.toCsvString(Groups.startsWith("active_directory","APP_B",100))) ? Groups.startsWith("active_directory","A_SUBSTRING",100) :

Arrays.flatten(Groups.startsWith("active_directory","APP_B",100),Groups.startsWith("active_directory","A_SUBSTRING",100))

would be far simpler using the Elvis operator as:

Arrays.flatten(

Groups.startsWith("active_directory","A_SUBSTRING",100) ?: {},

Groups.startsWith("active_directory","APP_B",100) ?: {}

)

Moreover - adding a _third_ group to the original expression would be almost impossible - but quite simple using this operator. And it reduces 7 (possible) Groups.startsWith calls down to 2.

As this elvis operator already works - as a seemingly "undocumented" feature - could it be added to the documentation so that it could be relied upon, please? Also keen to take feedback from other Okta users - does the ?: operator work for you?

Thanks,

Tony.