We are trying to add information from a user’s profile (the firstName) to be included in the access tokens issued by a custom authorization server (not the “default” one Okta creates on every developer account).
To do this, we use the developer console under API > Authorization > Claims and click the “Add Claim” button.
We specify “firstname” as the claim name, select “access token” to include it in the access tokens, and use the expression “appuser.firstName” as the value. We leave everything else as is, so the claim is used for any scope and is not disabled.
However, when trying to validate the expression used in the token, it is not included in the “token preview”.
Why wouldn’t the claim be included in that case? We have double-checked that the user we are using for preview purposes has a firstName set in his profile. Is the “appuser” part in the claim only valid for the default auth server, and does it need to be something different when using a custom auth server?
Thanks in advance.