I am trying to use to set custom claims for hasura. They have a required claim that is X-Hasura-User-Roles and the format must be [‘user’,‘moderator’] for example. This is not possible to do in the okta admin panel, it just causes the claim to be missing from the generated jwt. I have tried escaping like [ but that doesn’t work either. Any ideas? I am so close, but missing this final detail.
To have the attributes in the format specified, you need to declare an array attribute in the Okta User profile (Admin >> Directory/Users >> Profile Editor >> user >> Profile >> Add Attribute >> Data type = “String array”).
Once this is done, you can fill the attribute with values in the user’s profile and set the attribute as a claim in the authorization server.
Here’s an example on how it would look under Token Preview in a custom authorization server:
Thanks that’s exactly what I needed. Just to double check there is no way a user could tamper with this value using their session, token etc to call the generic API?
If you have a JWT verifier on your end, it will check the signature inside the token in order to validate it and prevent any potential token tampering.