This article discusses how to get OIDC/OAuth application attributes like "Name" or "Label" as claims in id_token/access token.
- OpenID Connect/OAuth applications using a Custom Authorization Server
- Okta Classic Engine
- Make a GET /api/v1/apps/{{appId}} request to get the current Application model. The output of this request will be needed for Step 2.
- Update the app using PUT /api/v1/apps/{{appId}} to add a profile object with a "label" attribute. See the example request below of a modified application model. Be sure to replace the URLs and other variables (for example, appId) with the values for the environment. If unfamiliar with curl, Okta recommends using Postman to help with the structure of the request.
# Okta API tokens are sent with the SSWS authorization scheme.
curl -X PUT https://org.okta.com/api/v1/apps/appId \
  -H 'accept: application/json' \
  -H 'Authorization: SSWS YOUR_API_KEY_HERE' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{
    "name": "oidc_client",
    "label": "Test Service App",
    "signOnMode": "OPENID_CONNECT",
    "credentials": {
      "oauthClient": {
        "client_id": "appId",
        "autoKeyRotation": true,
        "token_endpoint_auth_method": "client_secret_basic"
      }
    },
    "profile": {
      "label": "Test Service App"
    },
    "settings": {
      "oauthClient": {
        "client_uri": null,
        "logo_uri": null,
        "redirect_uris": [],
        "response_types": [
          "token"
        ],
        "grant_types": [
          "client_credentials"
        ],
        "application_type": "service",
        "consent_method": "REQUIRED",
        "issuer_mode": "ORG_URL",
        "idp_initiated_login": {
          "mode": "DISABLED",
          "default_scope": []
        },
        "wildcard_redirect": "DISABLED"
      }
    }
  }'
- Navigate to Security > API > Authorization Servers, create a Claim in the custom authorization server, and enter the expression "app.profile.label" in the Value field.
- In the custom authorization server, go to the Token Preview tab to generate the token and look for the claims.
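
The GET, modify, PUT sequence and the final claim check, as an added Python example (not code from the original article or from Okta). The PUT body is built from the full GET output so no existing setting is dropped. The function names, the sample data and the claim name "app_label" are assumptions made for illustration.

```python
import base64, copy, json, urllib.request

def with_profile_label(app_model, label=None):
    """Build the PUT body from the GET output: keep every field, add profile.label."""
    body = copy.deepcopy(app_model)
    profile = dict(body.get("profile") or {})  # keep any existing profile attributes
    profile["label"] = label if label is not None else body["label"]
    body["profile"] = profile
    return body

def okta_call(method, url, api_token, body=None):
    """Send one Okta API request authenticated with an SSWS API token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Accept": "application/json", "Content-Type": "application/json",
        "Authorization": "SSWS " + api_token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def add_label_to_app(org_url, app_id, api_token):
    """Step 1 (GET the app model) followed by step 2 (PUT it back with profile.label)."""
    url = f"{org_url}/api/v1/apps/{app_id}"
    current = okta_call("GET", url, api_token)
    return okta_call("PUT", url, api_token, with_profile_label(current))

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

# Constructed sample data (not real Okta output) so the checks below run offline.
SAMPLE_APP = {"name": "oidc_client", "label": "Test Service App",
              "signOnMode": "OPENID_CONNECT",
              "settings": {"oauthClient": {"grant_types": ["client_credentials"]}}}

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# "app_label" is a hypothetical claim name; use the name given to the claim in step 3.
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}), _b64({"app_label": "Test Service App"}),
                         "constructed-signature"])

if __name__ == "__main__":
    body = with_profile_label(SAMPLE_APP)
    print(json.dumps(body["profile"]))
    print(jwt_claims(SAMPLE_TOKEN)["app_label"] == body["profile"]["label"])
```

To run it against a real org, call add_label_to_app with the org URL, the app ID and an API token, then pass a token issued by the custom authorization server to jwt_claims.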
