I want to use Okta for authorization and authentication. I will create an Authorization Server which will authenticate people through an IDP.

From what I've read, the authorization server can have custom scopes and scopes are supposed to be the permissions and what something can do.

My question is if a scope can be assigned for a specific user or a group - for example, if I create a scope "can delete from db", can I tell the authorization server to issue me a token for a specific group with that scope and for another group a token without that scope? If it's possible, how do I do it through their API?

CodeMonkey

2 Answers


Yes, you can use Okta's API access management access policies to assign scopes to users/groups.

  1. In the Admin Console, go to Security > API.
  2. On the Authorization Servers tab, select the name of an authorization server.
  3. Select Access Policies, and then Add Policy.
  4. Enter a Name and a Description for the policy.
  5. Assign the policy to All clients or select The following clients: and enter the name of the Okta OpenID Connect applications that are covered by this access policy. This field auto-completes the names of your OpenID Connect applications as you type.
  6. Create rules based on users/groups and scopes: https://developer.okta.com/docs/guides/customize-authz-server/create-rules-for-policy/#rule-use
Pruthvi Raj Nadimpalli
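The same group-to-scope rule expressed against Okta's management API, as an added example that is not part of the answer above or of Okta's own SDK: `rule_payload` builds the body for `POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules`, and `may_delete` is a hypothetical resource-server check of the `scp` claim Okta places in the access token. The org URL, API token, group and server IDs are placeholders you must replace; the policy itself is assumed to exist already (steps 1-5 above).

```python
import json
import urllib.request

# Assumed placeholders (not real values): your Okta org URL and an API token.
OKTA_ORG = "https://example.okta.com"
API_TOKEN = "<SSWS-api-token>"


def rule_payload(name, group_ids, scopes, grant_types=("authorization_code",)):
    """Body for POST .../policies/{policyId}/rules. Only members of group_ids
    are issued `scopes`; a user outside those groups is not granted them, so
    another group's token comes back without the scope."""
    return {
        "type": "RESOURCE_ACCESS",
        "name": name,
        "status": "ACTIVE",
        "priority": 1,
        "conditions": {
            "people": {"users": {"include": [], "exclude": []},
                       "groups": {"include": list(group_ids), "exclude": []}},
            "grantTypes": {"include": list(grant_types)},
            "scopes": {"include": list(scopes)},
        },
        "actions": {"token": {"accessTokenLifetimeMinutes": 60,
                              "refreshTokenLifetimeMinutes": 0,
                              "refreshTokenWindowMinutes": 10080}},
    }


def okta_post(path, body):
    """Send one JSON request to the Okta management API (SSWS token auth)."""
    req = urllib.request.Request(
        OKTA_ORG + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"SSWS {API_TOKEN}",
                 "Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def grant_scope_to_group(auth_server_id, policy_id, group_id, scope):
    """One rule per group, e.g. the DB-admins group gets 'can_delete_from_db'."""
    path = f"/api/v1/authorizationServers/{auth_server_id}/policies/{policy_id}/rules"
    return okta_post(path, rule_payload(f"{scope} for {group_id}", [group_id], [scope]))


def may_delete(token_claims, scope="can_delete_from_db"):
    """Resource-server side: Okta lists the granted scopes in the 'scp' array
    claim, so authorize the delete on that claim, never on group names alone."""
    return scope in token_claims.get("scp", [])
```

The client must still request the scope in its authorization request; a rule only decides who may be granted it, and a token for a user outside the group will not carry it.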

Yes, in the Okta UI we can do this. But, per user and group, I want to generate a token that contains scopes according to the user's permissions. For example, if user 1 is part of the ADMIN group, then if I log in using user 1's credentials, the token should contain ADMIN as a value in the scope part of the JWT token.
If user 2 is part of the USER group, then if I log in using user 2's credentials, the token should contain USER as a value in the scope part of the JWT token; there should not be ADMIN as a value in the scope of the JWT token. I hope you get it. I want those permission values as SCOPE, not as CLAIMS.