Scripting API
AM provides the following functionality and artifacts for scripting:
- Scripted decision node API
-
(Authentication trees only)
Access data in request headers, shared state, and user session data.
- Policy Condition Script API
-
Access the authorization state data, the information pertaining a session, and the user’s profile data in authorization policies.
- Customize OAuth 2.0
-
Extend authorization server behavior with the OAuth 2.0 plugins:
-
Access token modification Modify the key-value pairs contained within an OAuth 2.0 access token.
-
Authorize endpoint data provider Return additional data from an authorization request.
-
Scope evaluation Evaluate and return an OAuth2 access token’s scope information.
-
Scope validation Customize the set of requested scopes for authorize, access token, refresh token and back channel authorize requests.
-
OIDC user info claims Map scopes to claims and data for OpenID Connect ID tokens.
-
- Token exchange
-
Add
may_act
claims to OAuth 2.0/OpenID Connect exchanged tokens. - Scripted module API
-
(Deprecated: Authentication chains only)
Access authentication state data, user profile data, request data, and information gathered by client-side scripts.