wguvm (wguvm) asked a question.
I've logged my user in by redirecting to the authorization_endpoint with a scope of "groups openid email", after successful login at that endpoint the user is redirected again back to my application with the code as a GET parameter.
I'm then making a request to the token_endpoint, this returns an id_token, and an access_token.
I then make a request to this url: {okta_site}/api/v1/users/me/groups
In the header for this request I'm including a, "Authorization": "Bearer: " + token
If I include the access_token returned, I get a 400 internal server error with no information. If I include the id_token returned I get a 401 unauthorized error. This leads me to believe I do have the right endpoint, but there is some error that I'm not seeing.
I've tried many other URLs and configurations, I've searched online and this seems to be a common problem but none of the solutions I found work. Any help would be greatly appreciated.
Found it, I can extract the groups from the access_token returned. No need for the request to api/v1/users/me/groups.
This actually still isn't returning what I need. If I call api/v1/users/me/groups, I can see there are ~80 or so groups returned, which is what I need. In the token though there are only 7 groups.
Hi @wguvm (wguvm) , Thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-custom/developer work).
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.