I have users that use the OKTA Enterprise Connection to log in to certain applications. I need to populate the user token with the OKTA groups that the user is assigned to. When they change, I expect they would change in Auth0. So I am following the accepted solution provided here: Get/map claims from Okta - Enterprise Connection.
The solution requires, in a login Action, getting the user's IdP access token from the Management API and calling the Okta userinfo endpoint. The issue is that when I call Get User in the Management API, no access token is provided in the response. My JWT contains the scopes read:users and read:user_idp_tokens.
According to the documentation, that should be all that is needed to get the user's IdP access token. Why is it that when I call /api/v2/users/{user id} no IdP access token is returned?
Hi @brandon.knox,
I was able to set up an Okta connection and tested it to get the IdP access tokens. After a request to the get user endpoint with the appropriate token and scopes, I see the Okta access token in the identities array.
Here's an example of what I see:
{
  "created_at": "2023-10-04T19:22:34.059Z",
  "email": "xxx",
  "email_verified": true,
  "family_name": "x",
  "given_name": "xxx",
  "identities": [
    {
      "user_id": "trial-xxx|xxx",
      "access_token": "xxx",
      "provider": "okta",
      "connection": "trial-xxx",
      "isSocial": false
    }
  ],
  "name": "xxx",
  "nickname": "xxx",
  "picture": "xxx",
  "updated_at": "2023-10-04T19:23:58.881Z",
  "user_id": "xxx",
  "last_ip": "xxx",
  "last_login": "xxx",
  "logins_count": 1
}
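As an added example (not code from this thread or from Auth0), here is the core of a post-login Action implementing the steps discussed above: read the user from the Management API, take the Okta IdP access token from the identities array, call Okta's userinfo endpoint, and copy the groups into the ID token. The claim namespace, the "groups" field in the userinfo response, and the injected deps are assumptions; the demo runs offline on constructed data shaped like the response quoted in the reply.

```javascript
// Added example, not from the thread or from Auth0: the core of a post-login Action that
// copies Okta groups into the ID token following the steps above. The claim namespace and
// the "groups" field in Okta's userinfo response are assumptions, not taken from the thread.
const GROUPS_CLAIM = "https://example.com/okta_groups"; // hypothetical namespace

// Pull the Okta IdP access token out of a Management API GET /api/v2/users/{id} response
// (token needs read:users and read:user_idp_tokens). Returns null when the okta identity is
// missing or its access_token was stripped, the symptom reported in the thread.
function extractOktaAccessToken(mgmtUser, connectionName) {
  const identities = Array.isArray(mgmtUser?.identities) ? mgmtUser.identities : [];
  const okta = identities.find(
    (id) => id.provider === "okta" && (!connectionName || id.connection === connectionName),
  );
  return okta && typeof okta.access_token === "string" && okta.access_token ? okta.access_token : null;
}

// Normalise the groups claim from the userinfo response: strings only, deduplicated, sorted.
function groupsFromUserinfo(userinfo) {
  const raw = Array.isArray(userinfo?.groups) ? userinfo.groups : [];
  return [...new Set(raw.filter((g) => typeof g === "string"))].sort();
}

// Action body. deps.getUser wraps the Management API call and deps.oktaUserinfo wraps
// GET https://<okta-domain>/oauth2/v1/userinfo with "Authorization: Bearer <idp token>";
// both are injected so the logic can be exercised offline. Fails closed: no token, no claim.
async function addOktaGroups(event, api, deps) {
  if (event.connection.strategy !== "okta") return "skipped";
  const mgmtUser = await deps.getUser(event.user.user_id);
  const token = extractOktaAccessToken(mgmtUser, event.connection.name);
  if (!token) return "no_idp_token";
  api.idToken.setCustomClaim(GROUPS_CLAIM, groupsFromUserinfo(await deps.oktaUserinfo(token)));
  return "ok";
}

// Offline demo with constructed data shaped like the Management API response quoted above.
async function demo(stripToken = false) {
  const claims = {};
  const api = { idToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
  const event = { connection: { strategy: "okta", name: "trial-xxx" }, user: { user_id: "xxx" } };
  const identity = { provider: "okta", connection: "trial-xxx", isSocial: false };
  if (!stripToken) identity.access_token = "constructed-idp-token";
  const deps = {
    getUser: async () => ({ user_id: "xxx", identities: [identity] }),
    oktaUserinfo: async () => ({ sub: "xxx", groups: ["Everyone", "Finance", "Everyone"] }),
  };
  const status = await addOktaGroups(event, api, deps);
  return { status, claims };
}
```

`demo()` resolves with status "ok" and the claim set to ["Everyone", "Finance"]; `demo(true)` simulates the stripped access_token from the thread and resolves with "no_idp_token" and no claim issued.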
Thank you for the reply. I noticed that I had switched the user mapping to the OKTA template, and that seemed to be removing it. When I created a new connection and used the default mapping, it came across.
Perfect, thanks for the update!