I configured an OIDC application to use the okta simplified flow. After successful authentication the user is redirected to the login redirect uri, but the token passed to that URL does not include my custom claims.
If I check the ID token in token preview tab the custom claim is there. Can anyone advice me?
I have configured the app as described in the article. I do not initiate the authentication process from the dashboard, but from our own login widget. The authentication is done by an external IDP.
Are you using a custom authorization server or the default Okta org authorization server?
@ariedebeukef I agree with @gsvivek, it sounds like your application may be using the built in Org Authorization server (issuer = https://org.okta.com) instead of a Custom Authorization Server (issuer = https://org.okta.com/oauth2/{{authServerIdOrName}}). Details about the two different types of servers found here. NOTE that the “Default” server found under API → Authorization Servers is just the name of the first Custom Authorization Server. It is NOT the same as the Org Authorization Server.
Only the Custom Authorization Servers can have custom claims, so if you are not seeing custom claims in the token payload, check to see what the ‘iss’ value is for your token to see if you are using the expected auth server.