Access Management 7.3.2

OAuth 2.0 scopes policy script API functionality

In addition to the functionality provided by Access HTTP services and Debug logging, OAuth 2.0 policy condition scripts can access some environment properties relating to the authorization request.

This information can then be returned as needed in the response to an authorization request:

Authorization state objects
Object Type Description

authorized

Boolean

Return true if the authorization is currently successful, or false if authorization has failed. Server-side scripts must set a value for authorized before completing.

environment

Map<String, Set<String>>

Describe the environment passed from the client making the authorization request.

For example, the following shows an environment map with a single entry:

"environment": {
    "clientId": [
        "MyOAuth2Client"
    ]
}

The following JavaScript writes the ID of the OAuth 2.0 client to the debug log, and then authorizes the request:

logger.message("Client ID: " + environment.get("clientId"));
authorized=true;