t2fjg (t2fjg) asked a question.
Hello okta community,
I have a question about token in-line hooks. The documentation about token Inline hook (https://developer.okta.com/docs/reference/token-hook/) says that the hook only works with a custom authorization server and not the default server. "This Inline Hook works only when using an Okta Custom Authorization Server, not the built-in Okta Authorization Server." But I read the working example posted on okta developer blogs (https://developer.okta.com/blog/2019/12/23/extend-oidc-okta-token-hooks) using default auth server and was able to successfully do a small POC. The token inline hook worked like a charm by adding custom claims to the tokens minted by the default auth server. We are planning on taking this approach to production environment.
So, my question is, why does the documentation says that the hooks will work only with custom auth servers. Are there any gotchas that I am missing? Can somebody please confirm that this approach works without any issues?
Thanks in advance.
Thank you for posting your question! Gabriel with Okta support here. As per our documentation: If you have an Okta Developer Edition account and you don't want to create any additional custom authorization servers, you can skip this step because you already have a custom authorization server created for you called "default". The {authServerId} for the default server is default.
If you need more details on this do not hesitate to open a case with our developers!
https://developer.okta.com/docs/guides/customize-authz-server/create-authz-server/
https://developer.okta.com/docs/reference/token-hook/
Thanks Gabriel. That makes sense.