PingAM 7.5.0

OAuth 2.0 scopes policy script API

To customize OAuth 2.0 scope decisions, configure the oauth2Scopes policy with an environment script condition that references an OAuth 2.0 policy condition script.

The following JavaScript writes the ID of the OAuth 2.0 client to the debug log and then authorizes the request:

logger.message("Client ID: " + environment.get("clientId"));
authorized=true;

OAuth 2.0 policy condition scripts can access the bindings available to the policy condition script API, except for the environment object. Instead of an IP property, this object returns the ID for the client making the authorization request.

For example, the following shows an environment map with a single entry:

"environment": {
    "clientId": [
        "MyOAuth2Client"
    ]
}