AdamM.90568 (Customer) asked a question.
Hello,
I use the "expand=targets/groups,targets/catalog/apps" parameter for the roles endpoint (e.g. /api/v1/users/{userId}/roles) to access the targets of standard roles without the need to call the dedicated endpoint: /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/catalog/apps. The problem is that the content of the "_embedded" field (obtained by using "expand" param) differs from what we get from the dedicated endpoint BUT only for the applications that were created by me (in the case below app named "My Web App 1"). The "_embedded" content leads to some general entity called "oidc_client":
Target in the "_embedded" field:
Target received from /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/catalog/apps:
As also said before, the targets obtained using these two methods are the same when the target is an application that I integrated with (some google app as an example):
Also, I noticed that the group targets (so, GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN and USER_ADMIN roles' targets) always match between these two methods. Ergo, the same data can be retrieved using "expand" parameter and in the dedicated endpoint which again, makes me think I should expect the same data when accessing it via these two different methods for the application targets too.
Thank you in advance!
Hello @AdamM.90568 (Customer) , thank you for contacting Okta Community!
I've reviewed our documentation for something relevant. It looks like your question is more appropriate for our dedicated Okta Developer Forum. I advise reaching out via devforum.okta.com as they will have more insight into this topic.
In the meantime, you can reference these articles from Okta Developer:
Administrator Roles API
User Role Assignments
While we'll do our best to answer your questions here, this medium is more inclined towards Okta's core products and features (non-developer work).
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.