0D54z00009a21g0CAA | Okta Classic Engine | Administration | Answered | 2024-04-03T16:09:08.000Z | 2023-08-31T17:42:24.000Z | 2023-08-31T22:28:08.000Z
Trying to set the "Groups claim filter" on an OIDC app, via the API.

I have a Python app that is calling the Okta API to create users and groups, and I need to create an application integration.

I am able to successfully create via the API an OpenID Connect app with the code at the bottom of this post and it works fine. However, I need to be able to set or update the "Groups claim filter" on the app. I can do this via the dashboard (see image below). Looking at the Terraform provider, it also looks like you can pass this information in for creating an app resource.

https://registry.terraform.io/providers/okta/okta/latest/docs/resources/app_oauth#groups_claim

But I cannot figure out how to do this via the Okta API. I've read this, https://developer.okta.com/docs/reference/api/apps/#add-oauth-2-0-client-application

It seems I might need to send in a profile object during the app creation. https://developer.okta.com/docs/reference/api/apps/#create-an-app-with-a-profile-object

I've tried making the change via the UX and then calling the /api/v1/apps/{{appId}}. But the resulting data doesn't show the group claims. So where is this stored?

Anyone any ideas? If Terraform is doing it, there must be a way.

[Image]

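import asyncio

from okta.client import Client as OktaClient

# okta_config (org URL and API token) and label are defined elsewhere in the app.
okta_client = OktaClient(okta_config)

# Definition of the OIDC web app sent to the Apps API
body = {
    "name": "oidc_client",
    "label": label,
    "signOnMode": "OPENID_CONNECT",
    "credentials": {
        "oauthClient": {
            "token_endpoint_auth_method": "client_secret_basic"
        }
    },
    "settings": {
        "oauthClient": {
            "redirect_uris": [
                "https://demoaccount.cloudflareaccess.com/cdn-cgi/access/callback"
            ],
            "response_types": [
                "code"
            ],
            "grant_types": [
                "authorization_code"
            ],
            "application_type": "web",
            "consent_method": "REQUIRED",
            "issuer_mode": "DYNAMIC",
            "idp_initiated_login": {
                "mode": "DISABLED"
            }
        }
    }
}


async def main():
    # The SDK call is a coroutine, so it has to be awaited inside one
    app, resp, err = await okta_client.create_application(body)


asyncio.run(main())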


This question is closed.