
devd.64603 (Customer) asked a question.
I am following the React SPA sample and managed to do the authentication. Additionally, I would like to do some role-based security, and for that I'd like to add a custom user attribute to the returned token (e.g. Role).
Here are okta settings on client side:
const oktaAuth = new OktaAuth({
  issuer: 'https://mydomain.okta.com/oauth2/default',
  clientId: 'myClientID',
  redirectUri: window.location.origin + '/login/callback',
  pkce: true,
});
This is how I initiate login on the client side:
oktaAuth.signInWithRedirect();
Now, on the server side I decipher the token using the method oktaJwtVerifier.verifyAccessToken and receive the following list of claims:
aud:'api://default'
cid:'myClientID'
exp:1619170402
iat:1619166802
iss:'https://mydomain.okta.com/oauth2/default'
jti:'myJTI'
scp:(3) ['email', 'openid', 'profile']
sub:'my@email.com'
uid:'myClientID'
ver:1
I have a couple of questions.
1. Is it possible to add a custom claim to this list, e.g. role: 'editor'?
2. Where do ['email', 'openid', 'profile'] come from? I have not specified them on the client.

Hi there,
You can add custom claims to a token as long as you have access to custom authorization servers. Additionally, 'email', 'profile' and 'openid' are scopes. You can find and edit these in the config.js file of the sample React app.
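As an added example (not code from the question, the answer, or the Okta sample app), here is how the server side of the setup above would consume a custom claim once it is added to the custom authorization server. It assumes the claim is named `role`, as the question proposes, and a hypothetical policy object that lists the scopes and role values the API accepts (the allowed role values are constructed). The `verifyAccessToken(token, expectedAudience)` call is the `@okta/jwt-verifier` method the question already uses; it is passed in as a function so the authorization logic can be exercised offline against a constructed claims object that mirrors the list in the question. Signature, `iss`, `exp` and `aud` are checked by the verifier itself; the code below only decides what the verified claims are allowed to do.

```javascript
// Constructed sample claims mirroring the list in the question, plus the
// hypothetical custom claim "role" (assumed name) that the question proposes.
const SAMPLE_CLAIMS = {
  aud: 'api://default',
  cid: 'myClientID',
  exp: 1619170402,
  iat: 1619166802,
  iss: 'https://mydomain.okta.com/oauth2/default',
  jti: 'myJTI',
  scp: ['email', 'openid', 'profile'],
  sub: 'my@email.com',
  uid: 'myClientID',
  ver: 1,
  role: 'editor',
};

// Hypothetical API policy. "editor" comes from the question; "admin" is a
// constructed second value to show that several roles can be accepted.
const POLICY = {
  expectedAudience: 'api://default', // matches the "aud" claim above
  requiredScopes: ['openid'],        // scopes the client must have requested
  roleClaim: 'role',                 // name of the custom claim (assumption)
  allowedRoles: ['editor', 'admin'],
};

// Pure authorization decision over already-verified claims. Returns an
// object rather than throwing so the caller can map reasons to responses.
function authorizeClaims(claims, policy) {
  const granted = Array.isArray(claims.scp) ? claims.scp : [];
  const missing = policy.requiredScopes.filter((s) => !granted.includes(s));
  if (missing.length > 0) {
    return { ok: false, reason: `missing scope(s): ${missing.join(', ')}` };
  }
  const role = claims[policy.roleClaim];
  if (typeof role !== 'string') {
    // The custom claim is absent: the authorization server was not configured
    // to emit it, or the token came from the org server instead of a custom one.
    return { ok: false, reason: `claim "${policy.roleClaim}" not present` };
  }
  if (!policy.allowedRoles.includes(role)) {
    return { ok: false, reason: `role "${role}" not allowed` };
  }
  return { ok: true, role };
}

// Extracts the raw token from an "Authorization: Bearer <token>" header,
// returning null when the header is missing or malformed.
function extractBearerToken(headerValue) {
  const match = /^Bearer\s+(\S+)$/i.exec(headerValue || '');
  return match ? match[1] : null;
}

// Express-style middleware factory. In production pass
// oktaJwtVerifier.verifyAccessToken.bind(oktaJwtVerifier) as verifyAccessToken.
function requireRole(verifyAccessToken, policy) {
  return async function (req, res, next) {
    const token = extractBearerToken(req.headers.authorization);
    if (!token) return res.status(401).json({ error: 'missing bearer token' });
    let jwt;
    try {
      // Verifies signature, issuer, expiry and audience against Okta's keys.
      jwt = await verifyAccessToken(token, policy.expectedAudience);
    } catch (err) {
      return res.status(401).json({ error: 'invalid token' });
    }
    const decision = authorizeClaims(jwt.claims, policy);
    if (!decision.ok) return res.status(403).json({ error: decision.reason });
    req.user = { sub: jwt.claims.sub, role: decision.role };
    return next();
  };
}

module.exports = { SAMPLE_CLAIMS, POLICY, authorizeClaims, extractBearerToken, requireRole };
```

Two points the example makes concrete: an unverified token never reaches `authorizeClaims`, and a missing `role` claim yields 403 rather than a crash, which is the symptom you will see if the claim is added to the wrong authorization server. On the client side, the scopes in `scp` are controlled by the `scopes` option of the OktaAuth config (the sample app's config.js sets `['openid', 'profile', 'email']`); any scope your custom claim is bound to must be requested there.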