Get custom claims from different server on a REST call

Dear Team,

I am working on a use case where my application needs to get the access token generated by Okta using the authorization_code grant type. That token should contain the custom attribute. We need to determine the custom attribute for the user from a different application, which has a REST endpoint to retrieve the value. Kindly help me get the custom attribute and inject it into the token. That custom attribute needs to be reused in subsequent API calls.

The sequence flow has been attached for a better understanding of the flow expected in the use case.

Hi @tgkumarmca! You may consider a Token Inline Hook:

This type of inline hook is triggered when OAuth 2.0 and OpenID Connect (OIDC) tokens are minted by your Okta Custom Authorization Server. Before sending the token to the requester, Okta calls out to your external service, and your service can respond with commands to add custom claims to the token or to modify existing claims.

Here is an example - Use Okta Token Hooks to Supercharge OpenID Connect | Okta Developer

Thanks for the reply! I was able to test with the token webhooks. This is working as per the requirement in the success case. I would like to throw an exception when the hook fails to execute. With the current implementation, the token is being generated even when the hook fails. How can I handle this exception scenario?

@tgkumarmca good to hear this meets your needs. Unfortunately, we don’t have a way to handle an exception for your failed-hook scenario 🙁 You may want to post on our Ideas Page for our product team to consider this option.
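An added example, not part of the original thread and not Okta's code: a sketch of the external service's hook handler that adds the claim with a `com.okta.access.patch` command, together with a resource-server check that rejects tokens minted without the claim, since the thread notes a token is still issued when the hook fails. The claim name `ext_attr`, the shared secret, the `lookup_attribute` stand-in for the REST call, and the `data.context.user.profile.login` request path are assumptions.

```python
import hmac

HOOK_SECRET = "constructed-shared-secret"  # assumption: auth header value set on the hook
CLAIM = "ext_attr"                         # hypothetical custom claim name


def lookup_attribute(login):
    """Stand-in for the REST call to the other application (hypothetical)."""
    directory = {"alice@example.com": "tenant-42"}  # constructed sample data
    return directory[login]  # KeyError for an unknown user


def handle_token_hook(auth_header, body, lookup=lookup_attribute):
    """Return (http_status, json_body) for a token inline hook request."""
    # Authenticate the caller before doing any work; compare in constant time.
    presented = (auth_header or "").encode()
    if not hmac.compare_digest(presented, HOOK_SECRET.encode()):
        return 401, None
    try:
        # Assumed request shape: user login under data.context.user.profile.
        login = body["data"]["context"]["user"]["profile"]["login"]
        value = lookup(login)
    except Exception:
        # No value available: send no commands rather than a guessed claim.
        # The token is then minted without the claim (see authorize_api_call).
        return 204, None
    patch = [{"op": "add", "path": f"/claims/{CLAIM}", "value": value}]
    return 200, {"commands": [{"type": "com.okta.access.patch", "value": patch}]}


def authorize_api_call(token_claims):
    """Resource-server side, after signature validation: fail closed."""
    value = token_claims.get(CLAIM)
    if not isinstance(value, str) or not value:
        # A token minted while the hook failed lacks the claim; reject it.
        raise PermissionError(f"access token is missing required claim {CLAIM!r}")
    return value
```

Because the failure case cannot be surfaced at token issuance, the check in `authorize_api_call` is where a missing claim is caught on every subsequent API call.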