Create token claim rule
POST
/api/admin/token-claim-rules
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/admin/token-claim-rules \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "name": "department-claim", "description": "Embed department from user attributes for profile-enabled access tokens.", "token_type": "access", "condition": { "type": "all", "conditions": [ { "field": "scope", "operator": "contains", "value": "profile" } ] }, "actions": [ { "claim_name": "department", "source": "user_attribute", "source_key": "department", "include_if_empty": false } ], "priority": 10, "is_active": true, "stop_processing": false, "valid_from": 1770000000, "valid_until": 1770086400 }'Creates a custom access/ID token claim rule after validating required fields, reserved claims, and PII claim warnings.
Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ”Token claim rule to create.
Media type application/json
object
name
required
string
description
string
token_type
string
condition
required
object
type
string
field
string
operator
string
value
key
additional properties
actions
required
Array<object>
object
claim_name
required
string
value
value_source
string
key
additional properties
priority
integer
is_active
boolean
stop_processing
boolean
valid_from
integer
valid_until
integer
key
additional properties
Example
{ "name": "department-claim", "description": "Embed department from user attributes for profile-enabled access tokens.", "token_type": "access", "condition": { "type": "all", "conditions": [ { "field": "scope", "operator": "contains", "value": "profile" } ] }, "actions": [ { "claim_name": "department", "source": "user_attribute", "source_key": "department", "include_if_empty": false } ], "priority": 10, "is_active": true, "stop_processing": false, "valid_from": 1770000000, "valid_until": 1770086400}Responses
Section titled “ Responses ”Token claim rule.
Media type application/json
object
id
required
string
tenant_id
required
string
name
required
string
description
string
token_type
required
string
condition
required
object
type
string
field
string
operator
string
value
key
additional properties
actions
required
Array<object>
object
claim_name
required
string
value
value_source
string
key
additional properties
priority
required
integer
is_active
required
boolean
stop_processing
required
boolean
valid_from
integer
valid_until
integer
created_by
string
created_at
required
integer
updated_at
required
integer
key
additional properties
Example
{ "id": "tcr_8f12", "tenant_id": "tenant_123", "name": "department-claim", "description": "Embed the user department claim when profile scope is requested.", "token_type": "access", "condition": { "type": "all", "conditions": [ { "field": "scope", "operator": "contains", "value": "profile" } ] }, "actions": [ { "claim_name": "department", "source": "user_attribute", "source_key": "department", "include_if_empty": false } ], "priority": 10, "is_active": true, "stop_processing": false, "valid_from": 1770000000, "valid_until": 1770086400, "created_by": "admin_123", "created_at": 1770000000, "updated_at": 1770000000}Error response.
Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{ "error": "example", "message": "example", "error_description": "example"}Error response.
Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{ "error": "example", "message": "example", "error_description": "example"}Error response.
Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{ "error": "example", "message": "example", "error_description": "example"}