Custom claim in token based on application URL

Our organization is using the okta-spring-boot-starter in our web application. We have a claim in our access tokens that is a : delimited array. Our application can also be accessed from several URLs. I’d like to select a value from this array based on the URL used to access the site.

Ideally, I’d like to modify the JWT and select the value. I’ve been digging into how the Okta library works, but I’m not sure I’ll be able to do what I want. I could do something more rudimentary, such as extracting the URL and performing some logic in a web filter, then passing it downstream as a request header or parameter.

What other alternatives do I have?

Hi @jndietz! As I understand your request, you are looking to have a custom claim dynamically show up in your token based on the URL used to access your app?

Hey, @sigama, thanks for the response. You are correct in your understanding – we would like to use a custom claim based on the URL. The reasons why we have multiple URLs pointing to a single app are lengthy, but it boils down to how our services are marketed and branded.

Hi @jndietz! You may be able to achieve this using a custom authorization server and Token Inline Hooks. When Okta sends a request to your hooks endpoint in the middle of an OAuth flow, along with information about the claims for the tokens, you will also be sent information about the initiating request, including the request URL (located in data.context.request.url.value). See our docs for an example request body: Token Inline Hook Reference | Okta Developer

So if you include an extra parameter in the /authorize call, you can extract it from the request body to the hook endpoint and then send a command back to Okta to add a claim containing that value.
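
A sketch of the hook endpoint logic described in the answer above, as an added example that is not part of the original thread and not Okta's own code. The claim names `brands` and `active_brand`, the `brand_host` parameter, the host map and the shared secret are assumptions, as is the existing array claim being present in `data.access.claims`; because the /authorize parameter is caller-controlled, it is only used to select among values the token already carries.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Hypothetical names and values, not taken from the thread.
HOOK_SECRET = "constructed-shared-secret"   # value configured on the hook in Okta
SOURCE_CLAIM = "brands"                     # existing ":"-delimited claim
TARGET_CLAIM = "active_brand"               # claim the hook adds
SELECTOR_PARAM = "brand_host"               # extra /authorize parameter
HOST_TO_BRAND = {"shop.example.com": "acme", "store.example.net": "globex"}

def authorized(auth_header):
    """Constant-time check of the secret sent in the Authorization header."""
    return hmac.compare_digest((auth_header or "").encode(), HOOK_SECRET.encode())

def select_brand(hook_body):
    """Return the brand to add to the token, or None to leave it unchanged."""
    data = hook_body.get("data", {})
    url = data.get("context", {}).get("request", {}).get("url", {}).get("value", "")
    values = parse_qs(urlsplit(url).query).get(SELECTOR_PARAM, [])
    if len(values) != 1:                    # missing or duplicated parameter
        return None
    brand = HOST_TO_BRAND.get(values[0].lower())   # allow-list, never echo input
    claims = data.get("access", {}).get("claims", {})
    held = str(claims.get(SOURCE_CLAIM, "")).split(":")
    return brand if brand in held else None  # only values the user already holds

def handle_hook(auth_header, hook_body):
    """Return (HTTP status, JSON-serialisable body) for one hook request."""
    if not authorized(auth_header):
        return 401, None
    brand = select_brand(hook_body)
    if brand is None:
        return 204, None                    # no commands: token is left as issued
    patch = [{"op": "add", "path": f"/claims/{TARGET_CLAIM}", "value": brand}]
    return 200, {"commands": [{"type": "com.okta.access.patch", "value": patch}]}

# Constructed sample request body, trimmed to the fields read above.
SAMPLE = {
    "eventType": "com.okta.oauth2.tokens.transform",
    "data": {
        "context": {"request": {"url": {"value":
            "https://example.okta.com/oauth2/default/v1/authorize"
            "?client_id=constructed&brand_host=shop.example.com"}}},
        "access": {"claims": {"brands": "acme:initech"}},
    },
}
```

A request whose `brand_host` maps to a brand the user does not hold, or that is not in the host map at all, gets a 204 and the token is issued without the extra claim.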
