Fill access token claim with attribute of application

DennisKreg · January 10, 2020, 1:43pm

We are using Client Credentials flow for machine-to-machine communication.
We want to add a new claim to the access token that contains a custom attribute that’s assigned to our application.

I have added a custom attribute called “orgId” to our application. It is mapped to a static string via the “Mappings” section.
In the authorization server section I have added a new claim called “orgId” with the expression “app.$orgId”.
Unfortunately, when I obtain an access token, the new claim is not present.
When I assign a static string to the claim, then the claim is present in the access token.

How can I get an attribute assigned to an application into a claim?

andrea · January 10, 2020, 4:10pm

Hey, Dennis

How did you add the custom attribute to your application, as part of the user profile?

As an access token generated via Client Credentials flow does not have a user scope, you will instead need to add a custom attribute to the Application Profile itself (not the User Application Profile).

Here’s a guide that walks you through adding this custom profile attribute (requires an API call) and creating a custom claim to pull in its value: How to get OIDC/OAuth application attributes like name or label as claims in id_token/access token?

DennisKreg · January 13, 2020, 12:08pm

Hey, Andreas.
Is adding a custom profile attribute only possible via an API call? Or can this also be achieved with the UI?

andrea · January 13, 2020, 4:28pm

At this time, it is only possible to make this update via API call.

DennisKreg · January 13, 2020, 4:45pm

Is it planned to add this UI feature in the future?

andrea · January 13, 2020, 7:14pm

I don’t see anything on our Roadmap, but you can make a Feature Request for this on the Okta Ideas portal, more information about this process can be found here: https://support.okta.com/help/s/article/Okta-Ideas-Overview-FAQ

andrea · January 23, 2020, 5:46pm

@DennisKreg and any other Okta Admins that comes upon this thread, I’ve filed an Idea to track this request: https://ideas.okta.com/app/#/case/116393

jrahhali · June 6, 2023, 12:37pm

@andrea, the link in your last post redirects me to a login page, so I’m not able to see the status of the request. Is there a public link?

What is the status of the request now? Still only available via the Okta API?

andrea · June 6, 2023, 4:43pm

You’ll need to be an Okta admin to access Okta Ideas. More information on Okta Ideas found here: Okta Ideas Overview & FAQ | Okta Help Center

Current status for the request for UI support is “Product Review”, so yes, you can still only access this data by API

Someone from the Product Management team at Okta has recently reviewed this Idea and has chosen to keep it under consideration for Product Review. This means that while it’s not on the roadmap yet, it’s still top of mind for us as we build out our future plans.
Thank you so much for the feedback. We’ll be sure to update this item once per quarter. In the meantime, please continue to add any additional comments, clarifications, and general feedback.

system · February 13, 2024, 12:34am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.