[Additional Claims] Looking for a way to add data into an ID Token on the fly without using Inline Hook

Hi there,

I’m looking for a way to add/patch custom data into an ID Token on the fly in the authentication flows, without using Inline Hooks. Because most of my company services are behind proxy, so it’s impossible to using Inline Hooks for adding/patching custom data to ID Token. So, I’m wondering that is there any way to do that directly in the exchange token step in the authentication flows (Authorization Code, Client Credentials, etc. ) by passing custom data along when getting access/ ID tokens?

Thanks!

I did a quick research, it looks like I can do that with Auth0 https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims#custom-claims. Following is the official spec from OpenID https://openid.net/specs/openid-connect-core-1_0.html#AdditionalClaims

Hi @sanguyen

If the details that you want to add inside the ID token are available in Okta, you can set up one of the following:

  • profile scope claims under Admin >> Directory/Users >> Profile Editor >> OIDC app >> Profile and map them with values from Okta user profile
  • custom claims using custom authorization servers created through API Access Management SKU, available under Admin >> Security >> API >> Authorization Servers >> your authorization server >> Claims

Thanks @dragos for the reply and information!

I have been using the 2nd one for setting up my custom claims. However, it seems this option can only be used for custom claims with fixed values which we getting from meta data or what we set up in advance. The way which I’m looking for is that I can send along additional data when exchanging authorization_code to get access_token/id_token. This step:

Like can add an additional field in x-www-form-urlencoded
POST https://{domain}/oauth2/default/v1/token

grant_type=authorization_code
&client_id=0oapid1h7wG5bllt50h7
&client_secret=hjLVt7EZDw-qCDnx36TUEV5k5kHm-gFIHnmzKRon
&redirect_uri=https://www.oauth.com/playground/authorization-code.html
&code=bD-9aYIhqbsQR-4_BVy_
&my_custom_data=…

Or in the body somehow:

{
my_custom_data: …
}

So that this additional data can be attached inside the tokens returned.

Thanks

Hi @sanguyen

Thank you for your clarification. At the moment, we don’t have an option to add the custom claims in this format, only through the Token Inline Hook feature.