Hi, we want to use an external API and, using a machine-to-machine authentication mechanism, create an Okta JWT token that contains a couple of keys from the external API as part of the JWT, so that it can be passed on to other servers/services, verified, and these details used. I can’t find any way of sending data through to an Okta JWT via the client_credentials token creation - is this possible?
I looked into adding a claim - but it seems that these need to come from data that resides inside Okta, so this is of no use - we want to store for instance “external_user_id” inside the JWT token, so that when our JWT token is read in another system and verified, the external_user_id field can be pulled out.
You’re looking for the Token Inline Hook. This hook will cause Okta to call an external service you specify whenever it creates a JWT, so you can specify additional claims to add to the token. Of course, this means that creating tokens will take a little longer (since there’s extra network delays, and Okta has to wait for your service to respond).
If it’s at all possible to store the external_user_id value in the Okta profile as a custom field, then you don’t have to use the hook or make a network call.
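As an added illustration of the Token Inline Hook approach described above (example code written for this thread, not Okta's own code or anything from the original reply): the external service receives a JSON request from Okta and answers with `commands` that patch the access token, which is how a value such as `external_user_id` ends up inside the signed JWT. Because the hook endpoint decides what goes into tokens, it should verify that the request really comes from Okta; this example checks the authentication header value configured on the hook with a constant-time comparison. The client ID path `data.context.protocol.client.id`, the shared secret, the client-to-external-ID table and the sample request body are all constructed for this example.

```python
import hmm
```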
Hi,
We are using the client_credentials machine-machine workflow - so I do not believe that there is a way for the client_credentials workflow to authenticate as a given user to be able to access the user data?