POST /api/v1/authorizationServers/{authServerId}/claims

id of the Authorization Server

Default value: "application/json"

ID of the Claim

Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations.

Name of the Claim

Specifies the type of group filter if valueType is GROUPS

If valueType is GROUPS, then the groups returned are filtered according to the value of group_filter_type.

If you have complex filters for Groups, you can create a Groups allowlist to put them all in a Claim.

Possible values:

• "REGEX"
• "CONTAINS"
• "EQUALS"
• "STARTS_WITH"

When true, indicates that Okta created the Claim

Specifies the scopes for the Claim

Possible values:

• "ACTIVE"
• "INACTIVE"

Specifies the value of the Claim. This value must be a string literal if valueType is GROUPS, and the string literal is matched with the selected group_filter_type. The value must be an Okta EL expression if valueType is EXPRESSION.

Specifies whether the Claim is for an access token (RESOURCE) or an ID token (IDENTITY)

Possible values:

• "RESOURCE"
• "IDENTITY"

Specifies whether the Claim is an Okta Expression Language (EL) expression (EXPRESSION), a set of groups (GROUPS), or a system claim (SYSTEM)

Possible values:

• "SYSTEM"
• "EXPRESSION"
• "GROUPS"

Specifies whether to include Claims in the token. The value is always TRUE for access token Claims. If the value is set to FALSE for an ID token claim, the Claim isn't included in the ID token when the token is requested with the access token or with the authorization_code. The client instead uses the access token to get Claims from the /userinfo endpoint.