<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007n3xBmCAIOkta Classic EngineAuthenticationAnswered2022-07-14T16:43:10.000Z2022-07-13T14:15:11.000Z2022-07-14T16:43:10.000Z

EricP.48498 (Customer) asked a question.

July 13, 2022 at 2:15 PM
Returning group profile attributes in requested client_credentials token

I have a group, with custom profile attributes. I added an application to the group. The application has public/private jwk that I use to get an access token.

 

How do I ensure the access token populates the custom attributes as part of a claim, from the group profile?

 

The original claim (under API settings) was `user.accountScopes` is there some other expression (just spit balling `

(app != null) ? app.accountScopes : user.accountScopes`) or something else that is needed to ensure it is populated in the token?

  • 4 answers
  • 417 views

  • EricP.48498 (Customer)

    I found a sort of work around. Using the API `PUT` operation, you can add additional attributes in an application.

     

     

    "profile": {

    "accountUuid": "8a117199-b86b-497f-82b0-e437cbcd64f0",

    "accountScopes": [

    "create:company",

    ...

    ],

     

     

    And then I can reference them in the API claims:

     

    API Claims

    Expand Post
    Selected as Best
This question is closed.
Loading
Returning group profile attributes in requested client_credentials token