I wanted to know what the significance of the event name app.oauth2.as.evaluate.claim_failure is.
I can see this event is in sequence just after the authorization code request.
But my doubt is that even when app.oauth2.as.evaluate.claim_failure is coming from the authorization server, users are still able to access the resource, so I am confused about what the significance of this failure event is.
Claim evaluation failures indicate that a custom claim that was configured in your org is evaluating to null or otherwise failing to evaluate. These warnings are surfaced in the system log so that the admin can review the claim (check the Target section in the system log for the DisplayName (claim name) and DetailEntry (to see the Oauth2claimvalue)) to determine if the evaluation failure is expected (e.g. the user profile attribute referenced in the claim is null for the user logging in) or if there is something wrong with the expression (a groups expression that is failing to evaluate for many users).
Generally, if these evaluation failures occur, the custom claim referenced will just not be present in the token. Any claim that evaluates to ‘null’ (including default claims for the profile scope) will just not be included.
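One way to run the review described in the answer above over exported System Log events, as an added example that is not part of the original thread or Okta's own code: it groups `app.oauth2.as.evaluate.claim_failure` events by claim name and counts the distinct users affected, to separate a single user's null attribute from an expression failing for many users. The sample events are constructed, and the target type `"Claim"`, the use of `actor.alternateId` as the user, and the `many_users` threshold are assumptions; `detailEntry` is not parsed because its keys are not shown on this page.

```python
from collections import defaultdict

EVENT_TYPE = "app.oauth2.as.evaluate.claim_failure"


def _event(event_type, user, claim):
    """Build a constructed System Log style event (sample data, not real logs)."""
    return {
        "eventType": event_type,
        "actor": {"alternateId": user},  # assumption: actor is the user signing in
        "target": [
            {"type": "AppInstance", "displayName": "Sample App"},
            # Assumption: the failing claim is a target entry of type "Claim".
            {"type": "Claim", "displayName": claim},
        ],
    }


# Constructed sample: "groups" fails for three users, "department" for one.
SAMPLE_EVENTS = [
    _event(EVENT_TYPE, "ann@example.com", "groups"),
    _event(EVENT_TYPE, "bob@example.com", "groups"),
    _event(EVENT_TYPE, "bob@example.com", "groups"),
    _event(EVENT_TYPE, "cho@example.com", "groups"),
    _event(EVENT_TYPE, "dee@example.com", "department"),
    _event("user.session.start", "ann@example.com", "groups"),  # other event type
]


def summarize_claim_failures(events, claim_target_type="Claim"):
    """Return {claim name: {"events": n, "users": distinct user count}}."""
    users, counts = defaultdict(set), defaultdict(int)
    for ev in events:
        if ev.get("eventType") != EVENT_TYPE:
            continue
        user = (ev.get("actor") or {}).get("alternateId", "unknown")
        for tgt in ev.get("target") or []:
            if tgt.get("type") == claim_target_type:
                name = tgt.get("displayName", "unknown")
                users[name].add(user)
                counts[name] += 1
    return {c: {"events": counts[c], "users": len(users[c])} for c in counts}


def triage(events, many_users=3):
    """Label each claim by how widely it fails (threshold is hypothetical)."""
    return {
        claim: "review expression" if s["users"] >= many_users else "check user attribute"
        for claim, s in summarize_claim_failures(events).items()
    }
```
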