I have both service applications (client credentials) and single-page applications assigned to the same authorization server in Okta.
I need to create a custom claim that will:
Return “service” for service applications
Return “spa” for single-page applications
Is there a way to create a custom claim expression that can distinguish between these application types? What variables or properties are available in the claims expression language that would allow me to identify the application type?
Any guidance on the correct expression syntax would be greatly appreciated.
What I’ve tried:
I attempted to use an expression like:
There is no way to access the application type in the Okta Expression Language, and no way I can think of achieving this dynamically.
The best solution I can think of is to statically add an application profile attribute to EACH application to contain the application type information, similar to the approach here, setting the value of the attribute to string “service” or “spa”, and then pulling that attribute’s value into a claim using app.profile.application_type, where application_type is the name of the attribute created in the application profile
I attempted to add an application profile attribute, but I was unable to access it using app.profile.application_type. It appears that app.profile remains empty when trying to access it. After investigating further, I discovered this is an Okta limitation.