Custom Claims are Missing when Added to the Authorization Server

I have followed the instructions on adding/modifying claims (https://developer.okta.com/authentication-guide/implementing-authentication/set-up-authz-server.html#create-claims-optional) but when I inspect the id and access tokens that are returned after logging in via the okta login widget (via https://dev-xxxx.oktapreview.com/oauth2/v1/authorize?.…) the new/modified claims are not present. Likewise when I call the /oauth2/v1/userinfo endpoint with the access token the claims are only “sub”, “email”, and “email_verified” and the “sub” claim is not showing the modified value. Is there something I’m missing?

I had to set the “authParams.issuer” property on the okta sign in widget to match the authorization server where the claims are configured:

authParams: {
  issuer: config.oktaBaseUrl + '/oauth2/default'
}
2 Likes