Configure claims value based on the Client Credential

59ae1715bc82a0481948 · December 8, 2020, 11:35pm

Hi,
I know you can create custom scope for API and it can be made granular as to include scope specific to read, write, update and delete (ex: scope_read, scope_update) for Client Credential Grant type

I was wondering if I could in some way change the value of the claim under the scope based on the Client Credential in such a way that it is easy for admins to manage it ?

something like this
Credential 1 -
scope|
|--------claim_record_reader= ‘Yes’
|--------claim_record_writer=‘No’

Credential 2 -
scope|
|--------claim_record_reader= ‘No’
|--------claim_record_writer=‘Yes’

Thanks

warren · December 9, 2020, 7:14pm

You can probably do this with custom claims and with the Okta expression (app.clientId == '{client_id}') ? 'yes' : 'no'. Depending on the number of applications you have, the expression will be more complicated.

59ae1715bc82a0481948 · December 9, 2020, 11:53pm

it would be great if there was a ui based mechanism through with static value could be assigned for each client credential

system · December 10, 2020, 11:53pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.