I am new to Okta so apologies if my questions are not clear.
So what I want to do is basically parse the JWT token generated by Okta and extract the group information of the logged-in user associated with it.
I am under the impression that this information should be there in the OidcUser object. I do see user name, email ID, token validity, etc. inside this object. Unfortunately I can't see the group ID, which I need for further processing.
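```java
import java.util.Map;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.RequestMapping;

// Dumps every claim available on the authenticated OIDC user.
@RequestMapping("/")
public String hello(@AuthenticationPrincipal OidcUser user) {
    StringBuilder sb = new StringBuilder();
    for (Map.Entry<String, Object> entry : user.getClaims().entrySet()) {
        sb.append(entry.getKey() + ":" + entry.getValue().toString());
        sb.append("\n");
    }
    sb.append("|");
    sb.append(user.getClaims());
    return sb.toString();
}
```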
Here is my Okta plugin inside Spring Boot:

```properties
okta.oauth2.issuer=https://dev-XXXXXXXX.okta.com/oauth2/default
okta.oauth2.client-id=XXXXXXXXXX
okta.oauth2.client-secret=XXXXXXXXXXXX
```
I am wondering if my approach is proper and what more I need to do to extract User group from Okta JWT token.
To get user groups you need to make an additional request to the `/userinfo` endpoint, assuming you requested the `groups` scope during the `/authorize` call. Please see a guide here.
Not exactly a Spring Boot response, but it's always beneficial to know how things work under the hood.
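An added example, not code from either post above, of reading the groups in Spring once the `groups` scope has been requested as the answer describes. It assumes the claim is named `groups` and that the scope is requested through the Okta starter's `okta.oauth2.scopes` property; the `GroupsController` class, the `resolveGroups` helper and the `/groups` path are hypothetical names.

```java
import java.util.List;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller, added for illustration.
// Assumed in application.properties so the groups scope is sent on /authorize:
//   okta.oauth2.scopes=openid,profile,email,groups
@RestController
public class GroupsController {

    // Assumption: the authorization server publishes group names under "groups".
    private static final String GROUPS_CLAIM = "groups";

    @GetMapping("/groups")
    public List<String> groups(@AuthenticationPrincipal OidcUser user) {
        return resolveGroups(user);
    }

    static List<String> resolveGroups(OidcUser user) {
        // 1. The ID token carries the claim only if the server is set up to include it there.
        List<String> fromIdToken = user.getIdToken().getClaimAsStringList(GROUPS_CLAIM);
        if (fromIdToken != null) {
            return fromIdToken;
        }
        // 2. Otherwise look in the /userinfo response, if Spring Security fetched one.
        OidcUserInfo userInfo = user.getUserInfo();
        if (userInfo != null) {
            List<String> fromUserInfo = userInfo.getClaimAsStringList(GROUPS_CLAIM);
            if (fromUserInfo != null) {
                return fromUserInfo;
            }
        }
        // 3. Claim absent in both places: return no groups so that any
        //    group-based authorization check fails closed.
        return List.of();
    }
}
```

If the list comes back empty, check that the `groups` scope was actually granted and that the authorization server is configured to emit the claim before relying on it for access decisions.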