How to include user-specific custom claim in client credentials token

Hello everyone, we have a .NET MVC application and a REST API. We are using Okta for token-based authentication (CLIENT CREDENTIALS FLOW) between the MVC controller and the REST API.

We are using the URL below to generate the token:
https://{MyDomain}.okta.com/oauth2/{MyAppIdInOkta}/v1/token

We want to get user-specific claims using the token generated by the above process.

Is it possible? If yes, please help me with the process.
Otherwise please suggest the alternative approach to achieve this.

Thank you.

This is not possible or supported. When using Client Credentials grant, there is no user context available, so there is no way to access user profile attributes.

If your integration requires claims specific to individual users, you will want to use a user-based OAuth flow instead (e.g. Authorization Code Flow).

If your integration just needs to receive additional claims specific to the client used, you could look to set up application profile attributes that can be pulled into a claim, as described here: How to Get OIDC/OAuth Application Attributes Like Name or Label as Claims in id_token/access Token | Okta Help Center

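The distinction drawn in the reply above, seen from the REST API side, as an added C# example that is not part of the thread: a guard that lets per-user endpoints reject client credentials tokens. It assumes the JWT bearer middleware has already validated the token, and that Okta access tokens carry `cid` (client ID) always and `uid` only when a user is bound to the token; the class name, method names and claim values are hypothetical.

```csharp
using System;
using System.Security.Claims;

// Added example, not code from the thread. Assumes signature, issuer,
// audience and expiry were already validated by the JWT bearer middleware.
public static class CallerContext
{
    // Assumption: Okta includes "uid" in an access token only when a user
    // is bound to it, and "cid" (client ID) in every access token.
    public static bool HasUserContext(ClaimsPrincipal principal) =>
        !string.IsNullOrEmpty(principal.FindFirst("uid")?.Value);

    // Guard for endpoints that return per-user data. A client credentials
    // token identifies only the calling application, so it is rejected.
    public static string RequireUserId(ClaimsPrincipal principal)
    {
        var uid = principal.FindFirst("uid")?.Value;
        if (string.IsNullOrEmpty(uid))
        {
            var cid = principal.FindFirst("cid")?.Value ?? "unknown";
            throw new UnauthorizedAccessException(
                "Token for client '" + cid + "' carries no user context.");
        }
        return uid;
    }

    // Builds an authenticated principal from constructed claims.
    private static ClaimsPrincipal Principal(params (string Type, string Value)[] claims)
    {
        var identity = new ClaimsIdentity("Bearer");
        foreach (var (type, value) in claims)
            identity.AddClaim(new Claim(type, value));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed claim sets with placeholder values, one per token kind.
        var service = Principal(("cid", "0oaEXAMPLECLIENT"), ("scp", "orders.read"));
        var user = Principal(("cid", "0oaEXAMPLECLIENT"), ("uid", "00uEXAMPLEUSER"));

        Console.WriteLine("service token has user context: " + HasUserContext(service));
        Console.WriteLine("user token uid: " + RequireUserId(user));
        try { RequireUserId(service); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```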