Custom Claims for Client Credentials

This is really a two-part question. They’re very related, which is why I’m including them in one question.

We are in the process of building a developer portal so that our customers can access our APIs (self-service). We want to be able to create client credentials on a customer-by-customer basis for them to use in their clients. We would like to include additional information about our customer, i.e. the company-id the user belongs to. When a token is issued using the client credentials, it will include this company-id as one of its claims. This way, when they call our APIs, we can identify the company (authorize as well as track calls for billing purposes).

Question 1: Is this possible and how?

Question 2: If this is not possible, then is there a recommended way of managing customer access for machine-to-machine integrations?


Yes, you can have it so information about the customer is present in the token claims.

I’d recommend looking into adding custom attributes to the OIDC client in Okta to store this information, and then use an expression to pass that value into a Custom Claim, as described here: “How to get OIDC/OAuth application attributes like name or label as claims in id_token/access token?”
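
How the API side might consume the claim discussed in this thread, as an added example that is not part of the original posts or Okta's own code: the company is taken only from the verified token, never from the request, and each accepted call is counted for billing. The claim name `company_id`, the audience value and the HS256 demo key are assumptions made so the sample runs offline; an Okta-issued access token is signed with RS256 and would be verified against the authorization server's published keys instead.

```python
import base64, hashlib, hmac, json, time

CLAIM = "company_id"                 # assumed custom claim name
AUDIENCE = "api://example"           # assumed audience (constructed)
DEMO_KEY = b"constructed-demo-key"   # stand-in for the issuer's RS256/JWKS key

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_demo_token(claims, key=DEMO_KEY, alg="HS256"):
    """Build a constructed sample token so the example runs offline."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def company_from_token(token, key=DEMO_KEY, audience=AUDIENCE, now=None):
    """Return the company id from a verified token, or raise PermissionError."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(_b64d(head)), _b64d(sig)
    except (ValueError, TypeError):
        raise PermissionError("malformed token")
    # Pin the algorithm on the server; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise PermissionError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("aud") != audience or claims.get("exp", 0) <= (now or time.time()):
        raise PermissionError("wrong audience or expired")
    company = claims.get(CLAIM)
    if not isinstance(company, str) or not company:
        raise PermissionError("token carries no company id")
    return company

def authorize(token, requested_company, usage):
    """Allow the call only for the token's own company and count it for billing."""
    company = company_from_token(token)
    if company != requested_company:
        raise PermissionError("token not valid for this company")
    usage[company] = usage.get(company, 0) + 1
    return company
```
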