Hi @eckhardt
You can get a JWT using the command auth0 test token -a https://AUTH0-DOMAIN/api/v2/ -s openid then you can decode it at jwt.io to see the scopes. Can you check if the action as explained in that tutorial has been created and is deployed to the login flow using your dashboard?
- Cick Actions (1) → Flows (2) → Login (3)
- Check if Add roles is present between start and complete (4)
- If not see custom tab on the right side (5)
- Add roles (6) should be present and you can drag and drop it to the flow
If all this is setup correctly, ensure that okta.oauth2.groupsClaim=https://spring-boot.example.com/roles is setup in the application.properties file. Note that https://spring-boot.example.com/roles should be the same namespace you defined in the action as well
Let me know what you find