Okta Classic Engine | Single Sign-On | Answered | 2021-03-29T13:56:12.000Z | 2021-04-01T21:09:53.000Z

dm.99934 (Customer) asked a question.

unable to get roles in token for role specific authorization in .netcore api from react client

In security->API->Authorization servers-> select default authorization server and add a new claim whose value is groups. But still in the generated token I can't see any claim with key name groups. How can I get roles in access token claims?

In security->API->Tokens I added a new token also.

My front end is developed in React and the back end API is developed using .NET Core.



  • MihaiS.07464 (Customer)

    Hi, my name is Mihai

     

    Unfortunately you cannot use "role" as it's reserved. We don't have a good reason why other than it is reserved for token hooks, but you will need to use something different. Here is documentation regarding this:

     

    https://developer.okta.com/docs/reference/token-hook/

     

    If you look at the issuer for the “default” custom authorization server, you will see that it is your org URL with /oauth2/default added to it. You can read about the differences between the two types of authorization servers here: https://support.okta.com/help/s/article/Difference-Between-Okta-as-An-Authorization-Server-vs-Custom-Authorization-Server?language=en_US

    Since you are using the “default” custom authorization server, you should ignore the “groups claim” filter in the application settings; that setting only affects tokens minted by the Okta org authorization server. You can add multiple claims in the authorization server settings. In summary, then, the Group Claims Filter only adjusts the content of tokens minted by the Okta org authorization server. This is NOT the same as the default Authorization Server, and so if you have custom Authorization Servers enabled in your tenant, the only way to tune the token contents is in the Claims tab of the relevant Authorization Server.

     

    If you want further assistance, I suggest opening a support case.

This question is closed.
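
A way to check what the answer above describes, as an added example that is not part of the original thread and not Okta's own code: decode a token's payload, read `iss` to tell whether the org or a custom authorization server minted it, and report whether the groups claim is present. The org URL `https://example.okta.com`, the function names and the sample tokens are constructed assumptions; the payload is decoded without signature verification, so this is for troubleshooting only.

```javascript
// Added example: troubleshooting aid only. The payload is decoded WITHOUT
// signature verification, so never base authorization decisions on it.

function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected a 3-segment compact JWT');
  // base64url -> base64; Node's decoder tolerates the missing padding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function inspectToken(jwt, claimName = 'groups') {
  const payload = decodeJwtPayload(jwt);
  const issuer = String(payload.iss || '');
  // Custom authorization servers issue as <org url>/oauth2/<server id>
  // ("default" for the default one); the org server issues as the bare org URL.
  const match = /^\/oauth2\/([^/]+)\/?$/.exec(new URL(issuer).pathname);
  const value = payload[claimName];
  return {
    issuer,
    serverType: match ? 'custom' : 'org',
    serverId: match ? match[1] : null,
    hasClaim: value !== undefined,
    values: value === undefined ? [] : [].concat(value),
    // Where the thread says the claim is controlled for each server type.
    configureIn: match
      ? 'Claims tab of the authorization server'
      : 'groups claim filter in the application settings',
  };
}

// Constructed sample tokens: placeholder org URL, placeholder signature.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const ORG = 'https://example.okta.com'; // assumed placeholder org URL
const samples = {
  missing: makeSampleToken({ iss: `${ORG}/oauth2/default`, scp: ['openid'] }),
  present: makeSampleToken({ iss: `${ORG}/oauth2/default`, groups: ['Admins'] }),
  orgServer: makeSampleToken({ iss: ORG, groups: ['Everyone'] }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, inspectToken(token));
}
```

The `missing` sample mirrors the situation in the question: the issuer ends in `/oauth2/default`, so the claim has to be added in that authorization server's Claims tab. The API must still validate the token's signature, issuer and audience before trusting any claim in it.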