Getting Session ID as Claim in Access Token


Was wondering if there is a way to add the user’s current session ID to an access token as a claim.


Take a look at the following thread that details a way to do this with Token Inline Hooks (a Custom Authorization Server is required for this option): Validate access token is linked to Okta session - #2 by andrea

Note that the session id is only available in the payload sent to the Inline Hook during a new OAuth flow. It will NOT be present if a refresh token is used to get new tokens for the user.

Hi Andrea,

Unfortunately we are also looking for this functionality for access tokens retrieved by refresh tokens as well. Is there no way for those to be augmented with a session ID?

Since refresh tokens are used for offline_access, they are not dependent on the existence of an Okta session (the Okta session does not need to be valid for the user to remain logged in) and the user’s session ID is no longer associated with the token request.
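The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Okta's own code: a Token Inline Hook handler that patches the session ID into the access token when the hook payload carries one, and leaves the token unchanged when it does not (the refresh-token case). The claim name `okta_session_id`, the function names and the sample payloads are assumptions made for this example; the `data.context.session.id` field and the `com.okta.access.patch` command follow Okta's Token Inline Hook format as I understand it, so check them against the hook preview in your own org.

```javascript
// Added example. CLAIM_NAME is a hypothetical claim name chosen for illustration.
const CLAIM_NAME = "okta_session_id";

// Build the HTTP response a Token Inline Hook endpoint would send back to Okta.
// hookRequest is the parsed JSON body Okta POSTs to the hook.
function buildHookResponse(hookRequest) {
  const session = hookRequest?.data?.context?.session;
  const sessionId =
    session && typeof session.id === "string" && session.id.length > 0
      ? session.id
      : null;

  if (sessionId === null) {
    // No session in the payload (e.g. tokens minted from a refresh token):
    // send no commands so the access token is issued without the claim.
    return { status: 204, body: null };
  }

  return {
    status: 200,
    body: {
      commands: [
        {
          type: "com.okta.access.patch", // patch the access token, not the ID token
          value: [{ op: "add", path: `/claims/${CLAIM_NAME}`, value: sessionId }],
        },
      ],
    },
  };
}

// Resource-server side: read the claim from already-validated token claims.
// Returns null when the token is not tied to a session, so callers must
// decide explicitly how to treat refresh-issued tokens.
function sessionIdFromClaims(claims) {
  const v = claims ? claims[CLAIM_NAME] : undefined;
  return typeof v === "string" && v.length > 0 ? v : null;
}

// Constructed sample payloads (not captured from a real org).
const newFlowRequest = {
  data: { context: { session: { id: "EXAMPLE_SESSION_ID", userId: "EXAMPLE_USER" } } },
};
const refreshRequest = { data: { context: {} } };

console.log(JSON.stringify(buildHookResponse(newFlowRequest)));
console.log(JSON.stringify(buildHookResponse(refreshRequest)));
```

A resource server that depends on this claim has to handle its absence, since every access token obtained through a refresh token will arrive without it.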