Owin UseOAuthBearerAuthentication Not getting groups claims

Asked Feb 14 '17 at 17:11

Active Mar 08 '17 at 21:55

Viewed 197 times

I am not getting any group claims back from Okta when authenticating using the id_token. I am getting the name, email, address, and username, but no groups.

Not sure what else I would need to do to get this onto the principle

var clientID = WebConfigurationManager.AppSettings["okta:ClientId"];

var oidcIssuer = WebConfigurationManager.AppSettings["okta:OIDC_Issuer"];

TokenValidationParameters tvps = new TokenValidationParameters
    {
        ValidateAudience = true,
        ValidAudience = clientID,

        ValidateIssuer = true,
        ValidIssuer = oidcIssuer,

        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromMinutes(5),

    };

app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = new JwtFormat(tvps,
        new OpenIdConnectCachingSecurityTokenProvider(oidcIssuer + "/.well-known/openid-configuration")),
    });

edited Mar 08 '17 at 21:55

Joël Franusic

1,178
8
18

asked Feb 14 '17 at 17:11

twaldron

2,722
7
40
55

Are these groups imported from Active Directory or groups created directly in Okta? – kevlened Feb 17 '17 at 01:41
Created in Okta – twaldron Feb 21 '17 at 16:20
If you use .* in the Group setting for the OIDC Application, this will return all groups a User is a member of. It basically uses regex to return groups – user3888307 Mar 01 '17 at 05:15

Owin UseOAuthBearerAuthentication Not getting groups claims

0 Answers0