User Access Token Custom Claim Set Converter Using Spring OAuth 5.1

Hi, I have a requirement to read a custom claim that is part of the User Access Token. I have successfully implemented the ResourceServer using Spring OAuth 5.1. I have followed the following example to validate the User Access Token using JWKS keys.

However, now I want to read a custom claim from the User Access Token. Here is a sample of my JWT payload.

{
  "ver": 1,
  "jti": "AT.tJ-Q2n0GubK3mmOM9JJrqh94y367867534WBqvhNk",
  "iss": "https://id.domain.org/oauth2/4658379245ksWkj9db0h7",
  "aud": "https://domain.org/audience/endpoint",
  "iat": 1575409811,
  "exp": 1575496211,
  "cid": "63475836548uitr",
  "uid": "2543862543786345",
  "scp": [
    "bmi",
    "bui",
    "si"
  ],
  "sub": "0435787345960h7",
  "grp": [
    "Everyone"
  ],
  "organizationId": "iWantToReadThis"
}

I now need to read “organizationId”. Can you please guide me on how to do this?

Thanks.

Hi @Vivek

This can be done through a custom authorization server by going in your administrative panel to Security >> API >> Authorization servers >> your authorization server >> Claims tab and adding a new claim.

If you would like to have the claim generated dynamically, the best solution would be to use the Token Inline Hook feature. An example response to achieve the use-case presented is the following:

{
    "commands": [
        {
            "type": "com.okta.access.patch",
            "value": [
                {
                    "op": "add",
                    "path": "/claims/organizationId",
                    "value": "iWantToReadThis"
                }
            ]
        }
    ]
}
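Once the claim is present in the token, the resource server side of the question can look like the following. This is an added example, not code from the thread or from Okta; it assumes that "Spring OAuth 5.1" means the Spring Security 5.1 OAuth2 resource server, and the issuer URL, JWKS URI, class names and `/organization` path are placeholders. It rejects tokens that lack the claim during validation, so handlers only see a signed, issuer-checked `organizationId`.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class JwtClaimConfig {
    // Placeholders (assumptions): substitute your issuer and its JWKS endpoint.
    static final String ISSUER = "https://issuer.example/oauth2/placeholder";
    static final String JWKS_URI = "https://issuer.example/placeholder/keys";

    @Bean
    JwtDecoder jwtDecoder() {
        // Extra validator: the token must carry a non-empty string organizationId.
        OAuth2TokenValidator<Jwt> orgRequired = jwt -> {
            Object org = jwt.getClaims().get("organizationId");
            if (org instanceof String && !((String) org).isEmpty()) {
                return OAuth2TokenValidatorResult.success();
            }
            return OAuth2TokenValidatorResult.failure(
                new OAuth2Error("invalid_token", "organizationId claim missing", null));
        };
        // Signature is checked against the JWKS keys; issuer and timestamps
        // are checked by the default validators, then the claim check runs.
        NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(JWKS_URI);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(ISSUER), orgRequired));
        return decoder;
    }
}

@RestController
class OrganizationController {
    // The authenticated principal is the validated Jwt, so the claim can be read directly.
    @GetMapping("/organization")
    String organization(@AuthenticationPrincipal Jwt jwt) {
        return jwt.getClaimAsString("organizationId");
    }
}
```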