You may want to look at Token Inline hooks (a custom authorization server MUST be used if you want to go this route), like @phi1ipp mentioned.
If the session_id you’re referring to is not the same thing as the Okta session id, you can still get it in the data sent in a request to your webhook if it’s present in the authorize request URL (say, as an additional parameter “session_id”). When Okta sends a request to your hooks endpoint in the middle of an OAuth flow, along with information about the claims for the tokens and information about the user and their session, you will also be sent information about the initiating request, including the request URL (located in data.context.request.url.value). See our docs for an example request body: Token Inline Hook Reference | Okta Developer
So if you include an extra parameter in the authorize call, you can pluck it out from the request body to the hook endpoint and then send a command back to Okta to add a claim containing that value.
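
The flow described in this reply, as an added example that is not part of the original post and not Okta's own code: a function a hook endpoint could call to read the extra parameter from data.context.request.url.value and build the command that adds it as an access token claim. The function name, the allowed value format, the sample request body and the choice to name the claim after the parameter are assumptions; the value comes from the client-supplied authorize URL, so it is checked before it is placed in a token.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format for the custom value; tighten it to whatever your app issues.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample of the relevant part of a Token Inline Hook request body.
SAMPLE_BODY = {
    "data": {"context": {"request": {"url": {"value":
        "/oauth2/default/v1/authorize?client_id=example&response_type=code"
        "&scope=openid&session_id=abc-123_XYZ&state=xyz"}}}}
}


def build_hook_response(hook_body, param="session_id"):
    """Return the JSON-serialisable response for Okta, or None to add no claim."""
    url = (hook_body.get("data", {}).get("context", {})
           .get("request", {}).get("url", {}).get("value", ""))
    # urlsplit handles both a full URL and a path with a query string.
    values = parse_qs(urlsplit(url).query).get(param, [])

    # The authorize URL is client-controlled: require exactly one value
    # (duplicates are ambiguous) and a strict format before trusting it.
    if len(values) != 1 or not SESSION_ID_RE.fullmatch(values[0]):
        return None

    return {
        "commands": [{
            "type": "com.okta.access.patch",  # patch the access token
            "value": [{
                "op": "add",
                "path": f"/claims/{param}",
                "value": values[0],
            }],
        }]
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_hook_response(SAMPLE_BODY), indent=2))
```

Because any caller of the authorize endpoint can set this parameter, a claim built from it only reflects what the client sent and should not be used downstream as proof of anything.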