Fill access token claim with attribute of application

We are using Client Credentials flow for machine-to-machine communication.
We want to add a new claim to the access token that contains a custom attribute that’s assigned to our application.

I have added a custom attribute called “orgId” to our application. It is mapped to a static string via the “Mappings” section.
In the authorization server section I have added a new claim called “orgId” with the expression “app.$orgId”.
Unfortunately, when I obtain an access token, the new claim is not present.
When I assign a static string to the claim, then the claim is present in the access token.

How can I get an attribute assigned to an application into a claim?


Hey, Dennis

How did you add the custom attribute to your application, as part of the user profile?

As an access token generated via Client Credentials flow does not have a user scope, you will instead need to add a custom attribute to the Application Profile itself (not the User Application Profile).

Here’s a guide that walks you through adding this custom profile attribute (requires an API call) and creating a custom claim to pull in its value: How to get OIDC/OAuth application attributes like name or label as claims in id_token/access token?
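A sketch of the two halves of that procedure, added here as an example and not taken from the thread or from Okta's guide: merging `orgId` into the application's own `profile` before sending the object back, and checking that the resulting access token carries the claim. It assumes the app object exposes a top-level `profile` that the claim expression can reference as `app.profile.orgId`, and that the update is a full replace (GET the app, then PUT the whole object back); the sample app, token and helper names are constructed.

```python
import base64
import copy
import json

# Constructed sample data (not from the thread): a trimmed app object as the
# Apps API returns it, and the claims of a client-credentials access token.
SAMPLE_APP = {"id": "0oaEXAMPLE", "label": "m2m-service", "settings": {"oauthClient": {}}}
SAMPLE_CLAIMS = {"sub": "0oaEXAMPLE", "cid": "0oaEXAMPLE", "scp": ["orders.read"]}


def with_app_profile(app, attrs):
    """Merge attrs into the app's top-level "profile" and return a new object.

    Assumption: the update is a full PUT, so the body must carry the whole
    app object that was fetched, not only the profile.
    """
    updated = copy.deepcopy(app)
    profile = dict(updated.get("profile") or {})
    profile.update(attrs)
    updated["profile"] = profile
    return updated


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT-shaped string for offline testing."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


def token_claims(token):
    """Decode the payload for diagnosis only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claim(token, name, expected):
    """Return 'missing', 'mismatch' or 'ok' for the named claim."""
    claims = token_claims(token)
    if name not in claims:
        return "missing"
    return "ok" if claims[name] == expected else "mismatch"
```

A `missing` result on a freshly issued token is the symptom from the question; resource servers must still validate the token signature before trusting `orgId`.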

Hey, Andreas.
Is adding a custom profile attribute only possible via an API call? Or can this also be achieved with the UI?

At this time, it is only possible to make this update via API call.

Is it planned to add this UI feature in the future?

I don’t see anything on our Roadmap, but you can make a Feature Request for this on the Okta Ideas portal. More information about this process can be found here: https://support.okta.com/help/s/article/Okta-Ideas-Overview-FAQ

@DennisKreg and any other Okta Admins that come upon this thread, I’ve filed an Idea to track this request: https://ideas.okta.com/app/#/case/116393