I’m trying to get existing user attributes as part of the access token. I’m trying the client credential flow, and in the Authorization server I have added the claim as user.firstName. For some reason the access token does not contain the claims when I use Okta’s expression language. Any idea how to get the claims in the access token?
I have attached a few screenshots showing how I configured the claims. Can someone let me know what I’m doing wrong?
What you are trying to do just isn’t possible with Client Credentials flow.
As the Client Credentials flow does NOT involve a user (no user auth involved; the only credentials needed to authenticate are the client credentials), there is no user in scope from which you can pull profile attributes into the token claims. The only dynamic information you can access will be related to the scope (access.scope) or the application (app.clientId, app.profile.*, etc.).
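A diagnostic for the situation in this thread, added here as an example and not code from either poster or from Okta: it decodes an access token's payload and reports, for each configured custom claim, whether it is present, absent because its expression reads an object other than `app` or `access` (such as `user.*`), or absent for some other reason. The sample token, the claim list, the `app.profile.team` attribute and the rule that only the `app` and `access` roots resolve without a user are assumptions based on the answer above.

```python
import base64
import json
import re

# Context roots the answer above says are usable without a signed-in user.
# Assumption: any other root (notably user.*) needs a user in scope.
USERLESS_ROOTS = {"app", "access"}
ROOT_RE = re.compile(r"(?<![\w.])([A-Za-z_]\w*)\.[A-Za-z_]")

def jwt_payload(token):
    """Decode the payload segment for inspection only (no signature check)."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def expression_roots(expr):
    """Return the context objects an expression reads, ignoring string literals."""
    no_strings = re.sub(r'"[^"]*"|\'[^\']*\'', "", expr)
    return set(ROOT_RE.findall(no_strings))

def audit(token, configured):
    """Map each configured claim to 'present', 'needs-user' or 'missing'."""
    payload = jwt_payload(token)
    report = {}
    for name, expr in configured.items():
        if name in payload:
            report[name] = "present"
        elif expression_roots(expr) - USERLESS_ROOTS:
            report[name] = "needs-user"  # cannot resolve in a userless grant
        else:
            report[name] = "missing"     # userless expression, check the claim config
    return report

def make_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample: a token as a client credentials request might return it.
SAMPLE_TOKEN = make_token({"sub": "0oa-constructed", "scp": ["reports.read"],
                           "client": "0oa-constructed"})
# Constructed claim configuration: claim name -> expression.
SAMPLE_CLAIMS = {"firstName": "user.firstName", "client": "app.clientId",
                 "team": "app.profile.team"}

if __name__ == "__main__":
    for claim, status in audit(SAMPLE_TOKEN, SAMPLE_CLAIMS).items():
        print(f"{claim}: {status}")
```

A `needs-user` result means the claim will only appear in tokens issued by a flow that authenticates a user; `missing` points at the claim's own configuration instead.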