Okta Classic Engine | Administration | Answered | 2024-04-15T09:30:27.000Z | 2020-03-02T22:42:47.000Z | 2020-03-03T15:47:55.000Z

xc0g8 (xc0g8) asked a question.

Changing value of claim based on scope for service app

Hello.

 

I have created a custom auth server and a client_credentials app (without any user).

 

I want to create a claim with name say "custom_claim" and set its value based on requested scope by client.

 

For example:

Return value of "custom_claim" as "value1" if the scope is "scope1"

Return value of "custom_claim" as "value2" if the scope is "scope2"

 

I tried following the Expression Language overview page, but couldn't find any way to do this. https://developer.okta.com/docs/reference/okta-expression-language/

 

Have people done this for client_credentials based app where there is no user? I could have achieved this easily if it was a user based app, but can't figure out a way to do this for a service app.


  • bc221 (bc221)

    Hi Shirish,

     

    Is "value1" for scope "scope1" a static value or dynamic? What expression did you try if you are expecting a dynamic value?

  • xc0g8 (xc0g8)

    @Vipul, the values are static, so I can hardcode them.

     

    I want something like:

     

    if(scope == "scope1") return "value1" else return "value2"

  • bc221 (bc221)

    Well that is very simple. Create a new Claim as mentioned below and Include claim only for The following scopes:

     

    So when you generate a token with "read" scope, Okta will add that static claim "Shirish_Claim" : "VALUE_1" in claim.

     

    Image is not available

  • xc0g8 (xc0g8)

    @Vipul, your suggestion works when there is only one value. The problem is, you can't create claims with the same name which are resolved in different scopes.

     

    Image is not available

  • bc221 (bc221)

    I understand that.

     

    The solution you are looking for is not possible because Okta expressions only derive an attribute's value from Universal Directory and the app profile. It cannot read scope.

This question is closed.
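
An added example, not part of the original thread and not Okta's own code: one way to work within the constraints described above is to define one static, scope-conditioned claim per scope under distinct names, and have the resource server collapse them into a single value. The claim names `custom_claim_scope1` and `custom_claim_scope2` and both function names are hypothetical; the dictionary mirrors the claim object of Okta's authorization server Claims API, and the token payload is assumed to be already verified.

```python
# Added example. Claim names are hypothetical; the dict mirrors the claim
# object of Okta's authorization server Claims API.
def claim_definition(name, static_value, scope):
    return {
        "name": name,
        "status": "ACTIVE",
        "claimType": "RESOURCE",            # goes into the access token
        "valueType": "EXPRESSION",
        "value": '"%s"' % static_value,     # static string as an EL literal
        "conditions": {"scopes": [scope]},  # include only for this scope
    }

# One claim per scope, because two claims cannot share a name.
CLAIMS = [
    claim_definition("custom_claim_scope1", "value1", "scope1"),
    claim_definition("custom_claim_scope2", "value2", "scope2"),
]

def resolve_custom_claim(payload):
    """Return the single custom_claim value for a verified access token payload.

    Assumes signature, issuer, audience and expiry were already validated.
    """
    granted = payload.get("scp", [])
    if isinstance(granted, str):            # tolerate a space-delimited string
        granted = granted.split()
    values = []
    for claim in CLAIMS:
        if claim["name"] not in payload:
            continue
        scope = claim["conditions"]["scopes"][0]
        expected = claim["value"].strip('"')
        if scope not in granted or payload[claim["name"]] != expected:
            raise ValueError("claim %s does not match granted scopes" % claim["name"])
        values.append(expected)
    if len(values) != 1:
        # No per-scope claim, or a client requested both scopes: refuse to guess.
        raise ValueError("expected exactly one per-scope claim, got %d" % len(values))
    return values[0]
```

A client that requests both scopes in one token receives both claims, so the resolver rejects that token rather than picking one value.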