Integrating Okta into existing web app

Hi and thanks for the help in advance,
I have an existing web application that I'm hoping I can integrate with some existing clients' Okta accounts. The main point of contention is that my web app has a few things like user_id, company_id, etc. that are usually a part of the JWT claims. So to add these claims, I'm having to force my existing clients to update their user attributes / claims to accommodate my application's JWT requirements. Which, even if they do that, doesn’t actually properly set those values.

If nothing else, being able to set a user_id on the callback route seems like it would satisfy my issues. So my question is, how do I set up a user after they log in via Okta on the callback route?

ANY help would be appreciated

Like is the expected process to be

  0. have clients create custom claims
  1. hit the webapp and log in
  2. get transferred to Okta
  3. get transferred back to the callback route
  4. make a GET for the existing user profile in Okta
  5. update the profile with user_id, role, etc. via POST/PUT to Okta
  6. recreate JWT token

Or should I be creating a custom schema and applying it to those users that are using my system?

Just to keep replying to myself. I ended up using JWT to verify that the authentication with Okta was a success, then issued my own JWT token after authentication in the callback route. This means of course I'm not using the JWT validator from Okta (after that initial authentication check) and am not pushing any customer information from my web app back into Okta. This doesn’t feel like it’s ideal but I wasn’t able to find any documentation that made sense around my use case.

That use case being:

  1. We are an existing webapp
  2. We aren’t using Okta but our clients are
  3. We need some way to have custom private claims in the token, like ‘role’, ‘user_id’, etc.

So I’ll keep reviewing tickets here and see if things ever match up. But for now the documentation to integrate with Okta seems lacking and if you run into a similar issue, good luck.

It would be great if Okta had a community Slack or consultants I could throw money at for information around the integration issues I experienced. But so far no dice.
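
The pattern described in the thread (check the IdP-issued token once on the callback route, then issue the application's own token carrying `user_id`, `company_id` and `role`), as an added example that is not part of the original posts and not Okta's SDK. It assumes an RS256 ID token with a single-string `aud`; the issuer URL, client ID, keys, user table and function names are constructed placeholders, and a real callback would fetch the public key from the IdP's published JWKS.

```javascript
// Added example: issuer, client ID, keys and users are constructed placeholders.
const nodeCrypto = require("node:crypto");

const b64u = (x) => Buffer.from(x).toString("base64url");
const ISSUER = "https://idp.example.com/oauth2/default"; // placeholder issuer
const CLIENT_ID = "app-client-id-placeholder"; // placeholder client ID
const APP_SECRET = nodeCrypto.randomBytes(32); // signing key for the app's own tokens

// The app's private claims live in its own store, keyed by (issuer, subject).
const localUsers = new Map([
  [`${ISSUER}|00u-constructed-sub`, { user_id: 42, company_id: 7, role: "admin" }],
]);

// Callback step 1: verify the ID token's signature and the claims that bind it to this login.
function verifyIdToken(token, idpPublicKey, expectedNonce, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = token.split(".");
  if (!h || !p || !s) throw new Error("malformed token");
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm
  const ok = nodeCrypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), idpPublicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const c = JSON.parse(Buffer.from(p, "base64url").toString());
  if (c.iss !== ISSUER) throw new Error("wrong issuer");
  if (c.aud !== CLIENT_ID) throw new Error("wrong audience");
  if (typeof c.exp !== "number" || c.exp <= now) throw new Error("expired");
  if (c.nonce !== expectedNonce) throw new Error("nonce mismatch"); // nonce saved at login start
  return c;
}

// Callback step 2: look up the local account and mint a short-lived HS256 app token.
function issueAppToken(idClaims, now = Math.floor(Date.now() / 1000)) {
  const user = localUsers.get(`${idClaims.iss}|${idClaims.sub}`);
  if (!user) throw new Error("no local account linked to this identity");
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ ...user, sub: idClaims.sub, iat: now, exp: now + 900 }));
  const sig = nodeCrypto.createHmac("sha256", APP_SECRET).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Constructed stand-in for the IdP: a throwaway RSA key that signs sample ID tokens.
const idp = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function sampleIdToken(claims) {
  const head = b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(`${head}.${body}`), idp.privateKey).toString("base64url");
  return `${head}.${body}.${sig}`;
}
```

Keying the local lookup on issuer plus `sub` rather than on email keeps two clients' IdPs from colliding on the same local account.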