KarunP.62301 (Customer) asked a question.
Expression language syntax to check if an attribute variable exists in app.profile
I have created a custom claim 'label' with app.profile.label value. Not all of my client apps have set 'label' attribute in profile. So I am getting lots of failure log "failure : system_claim_evaluation_failure" in Okta system log which is very messy. (I can still get the token without the claim)
Is there a way to check if label attribute exists in app.profile and return null if it doesn't.
Like:
app.profile.hasAttribute("label") ? app.profile.label : null
OR
hasAttribute(app.profile, "label") ? app.profile.label : null
Also, is there a way to not include 'label' claim in token if it doesn't exists in app.profile; include the claim only if the value exists.
Thank you,
Karun
Hello Karun,
I've escalated your question to our Customer Support team. They will respond to you shortly here.
Thanks!
Tim
Okta, Inc.
With just one call, this would not be possible. One call is one action, and you would first need to do a GET on a profile, then filter by attribute, and export the results. You'd have to do a full script for it.
It seems like the real issue is that when a claim has a null value in the user or app profile, Okta should not be polluting the log messages as errors or even warnings really. It is a normal operating condition to have some claims be null.
@Jonathan Newell (Customer) , That seems to be the case. Looks like, if an expression evaluates to null, Okta treats that as an error rather than returning the null value in claim (which might be fine if that's how it's designed to work). I wasn't aware of this earlier so I was thinking something is wrong in "app.profile.label" part in following expression I was using.
app.profile.label ?: null
I think this should have been handled gracefully without logging error, either by returning null value for the claim or by removing the claim in token.
For now I fixed this by returning "null" string:
app.profile.label ?: "null"
Thank you.