Okta Token Inline Hook Execution Fails with Error With Could Not Deserialize Error
Last Updated:
Overview
When Okta attempts to execute a Token Inline Hook, a deserialization error occurs due to a syntax error in the hook's response.
Okta logs an error in the System Log for a Token Inline Hook execution with the following error summary.
Could not deserialize inline hook response due to error at Line 1 Column <number>
Applies To
- Okta Identity Engine (OIE)
- API Access Management
- OpenID Connect/OAuth application
- Token Inline Hook
Cause
This issue occurs because the hook's response to Okta contains a syntax error when Okta attempts to execute a Token Inline Hook configured on a Custom Authorization server.
Solution
Ensure the hook response uses properly formatted JSON. The response must return a list of commands, where each command in the list is an object containing both a "type" of command (either com.okta.identity.patch or com.okta.access.patch) and a list of "value". Each object in the "value" list represents a specific operation that Okta performs on the specified token "type", with an "op", "path" to /claims/{{claimName}} or /token/lifetime/expiration, and a "value" that sets the claim or lifetime.
Format the JSON response to include the correct commands, types, and values as demonstrated in the following example.
{
"commands": [
{
"type": "com.okta.identity.patch",
"value": [
{
"op": "add",
"path": "/claims/extPatientId",
"value": "1234"
}
]
},
{
"type": "com.okta.access.patch",
"value": [
{
"op": "add",
"path": "/claims/external_guid",
"value": "F0384685-F87D-474B-848D-2058AC5655A7"
}
]
}
]
}
