Test Okta Expression Language
expressions before putting them live: syntax highlighting, validation, IntelliSense,
and local evaluation against sample data — for group rules, profile mappings,
OIDC custom claims, and SAML attributes.
Features
Diagnostics — syntax errors, unknown functions with suggestions, wrong
argument counts, type mismatches, deprecated functions, = vs ==, and
unsupported SpEL constructs.
Context awareness — group rules only allow String/Arrays/user
expressions and must return a Boolean; OIDC claims can't use explicit app
references. Declare the context per file:
Live evaluation — put a mock user in okta-el.sample.json (schema-validated)
and the result shows as a CodeLens above the expression, updating as you type.
IntelliSense — completion for roots, profile attributes, and functions;
hover docs with signatures and examples; signature help.
Embedded expressions — expression_value in Terraform okta_group_rule
resources and "expression": { "value": ... } in Okta API JSON payloads get
the same diagnostics and evaluation.
Usage
Create a file with the .oel extension and write one expression per file.
Optionally add a leading // @okta-el context=... sample=... directive
(Okta EL has no comments, so these lines are unambiguous — copy only the
expression into Okta).
Create okta-el.sample.json in your workspace to evaluate against your own
data; until then a built-in demo profile is used.
Settings
oktaEl.defaultContext — context assumed when a file has no directive.
oktaEl.diagnostics.unknownRoot — severity for unknown root identifiers
(they may be app instance names that resolve at runtime).
Caveats
The local evaluator mirrors documented Okta behavior, with limits: matches
uses JavaScript regex semantics (Okta uses Java's), Time.* supports a common
subset of Joda patterns, and Iso3166Convert.* uses a built-in table of common
countries.