Add IP Address to JWT

Hello, is it possible to add a claim to an access token that contains the user’s ip address? I am considering making the JWT “IP Address Bound” so that you could essentially give your JWT to someone and they couldn’t use it from another place. The receiving API endpoint would validate the IP of the request matches that in the token. I have a way to do this but it’s a bit messy, we consume the OKTA system log and from the log have the IP address of the user when the JWT was issued but it would be simpler to stuff the address in the JWT itself.

Thanks!

Hello, You can do this with a token hook. When a Okta posts a message to a token hook, the body of the message contains a context object,

2021-01-07T07:20:43.095746+00:00 app[web.1]: {
2021-01-07T07:20:43.095747+00:00 app[web.1]: context: {
2021-01-07T07:20:43.095748+00:00 app[web.1]: request: {
2021-01-07T07:20:43.095750+00:00 app[web.1]: id: ‘X-a2SgqNrr1HXRaQ0XcLRAAAB1c’,
2021-01-07T07:20:43.095751+00:00 app[web.1]: method: ‘POST’,
2021-01-07T07:20:43.095751+00:00 app[web.1]: url: [Object],
2021-01-07T07:20:43.095752+00:00 app[web.1]: ipAddress: ‘87.104.209.214’
2021-01-07T07:20:43.095752+00:00 app[web.1]: },

The ipAddress should map to the address of your client. Within the hook you can extract this value and then create a new claim with it. Information on creating a token hook can be found in the docs.

Hi @wildrose,

You could use token inline hook to add a claim in JWT. Find the sample json payload here.

I hope this helps you.