Full ID Token with custom claim from Okta org in Authorization code flow?

When I exchange the authorization code for tokens at the token endpoint, I am not getting custom claims.
I am using the Okta org as an authorization server, where the issuer is https://subdomain.okta.com.

Is it even possible? What do I need to do here?

You need to use your domain + /oauth2/default as the issuer to get custom claims. In this case, default is the name of your authorization server. You should see it listed under API > Authorization Servers. It’s automatically created for you when you create a developer account.

Hi @viks

When using the Okta org as the authorization server, if both an ID token and an access token are requested, either individually (e.g. response_type=id_token%20token) or through the authorization code flow (e.g. response_type=code), the ID token is minified and the claims are available through a separate request to the /userinfo endpoint.
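As an added example (not code from this thread or from Okta), here is how a client can combine a thin ID token with the claims returned by /userinfo, including the `sub` match that OpenID Connect Core requires before a UserInfo response is used. The helper names, the `department` claim and all sample values are constructed, and the ID token is assumed to have been validated already by your OIDC library.

```python
import base64
import json

# Claims a UserInfo response must never override (they come from the validated ID token).
PROTECTED = {"iss", "aud", "exp", "iat", "nonce", "sub"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Decode the payload segment only. Assumes the signature, iss, aud and exp
    were already validated by your OIDC library; this does NOT verify anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1]
    padded = seg + "=" * (-len(seg) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def merge_userinfo(id_claims: dict, userinfo: dict) -> dict:
    """Add /userinfo claims to thin ID-token claims, after checking that both
    describe the same subject. On mismatch the UserInfo values are not used."""
    if not id_claims.get("sub") or userinfo.get("sub") != id_claims["sub"]:
        raise ValueError("userinfo sub does not match ID token sub")
    merged = dict(id_claims)
    for name, value in userinfo.items():
        if name not in PROTECTED:
            merged[name] = value
    return merged


# Constructed sample data: a thin ID token and the matching /userinfo response.
THIN = {"iss": "https://subdomain.okta.com", "sub": "00u-constructed",
        "aud": "client-id-placeholder", "iat": 1700000000, "exp": 1700003600}
SAMPLE_ID_TOKEN = ".".join([b64url(b'{"alg":"RS256"}'),
                            b64url(json.dumps(THIN).encode()),
                            b64url(b"sig-placeholder")])
SAMPLE_USERINFO = {"sub": "00u-constructed", "email": "user@example.com",
                   "department": "finance",          # hypothetical custom claim
                   "iss": "https://other.example"}   # protected claim, ignored on merge

if __name__ == "__main__":
    claims = merge_userinfo(jwt_payload(SAMPLE_ID_TOKEN), SAMPLE_USERINFO)
    print(json.dumps(claims, indent=2))
```

The merged claims are only as trustworthy as the ID token validation and the TLS-protected /userinfo call behind them; an API that receives just the thin ID token cannot see the merged values.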

Thank you both.
This is what I was thinking: that it is not possible to get custom claims in the ID token if using the authorization flow with Okta org.
The problem is that I am trying to consume an API written by someone who used Okta Org, and the API is using the ID-Token for authorization.
Now I can debate with them about how bad their implementation is, or I can try to find a workaround. I don’t know which is easier. lol
