PingAM

Scope validation scripting API

The following bindings are available to Scope validation scripts:

This script can be either a legacy or a next-generation script. It has access to all the common bindings for its scripting context.

Learn about converting existing scripts in Migrate OAuth scripts to next-generation scripts.

| Binding | Description | Legacy type | Next-generation type |
|---|---|---|---|
| allowedScopes | The scopes AM allows this client to request. | Set of Strings | List of Strings |
| availableScopes | All the scopes configured on the client making the request. | Set of Strings | List of Strings |
| defaultScopes | The scopes configured as defaults for this client. | Set of Strings | List of Strings |
| requestedScopes | The scopes in the client request. | Set of Strings | List of Strings |
| scopeValidatorHelper | The helper object that provides context information for the scope validation script. Use the inheritAccessTokenScopesOnRefresh() method to ensure a refresh token inherits the scopes currently granted to the associated access token. You must call this from within the scripted validator’s validateRefreshTokenScope() function. If this method isn’t called, the refresh token retains its originally granted scopes by default. Use the throwInvalidScope() method to throw an InvalidScopeException when the script identifies an unauthorized or malformed scope request. | Not available | A ScopeValidatorHelper object |

Methods (scopeValidatorHelper)

public void inheritAccessTokenScopesOnRefresh()

public void throwInvalidScope(String message) throws InvalidScopeException
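
The scope check these bindings support, as an added example that is not PingAM's own sample script: it runs the validation logic against constructed stand-ins for the bindings. The helper stub, the `validateScopes` name, passing the bindings in as one object, and returning the granted list are assumptions made so the code runs outside AM.

```javascript
// Added example. The objects passed in are constructed stand-ins for the bindings
// AM injects; how AM invokes the script and uses its return value is assumed.
const SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/; // RFC 6749 section 3.3 scope-token

// Hypothetical stub exposing the two ScopeValidatorHelper methods listed above.
function makeHelperStub() {
  return {
    inheritCalled: false,
    inheritAccessTokenScopesOnRefresh() { this.inheritCalled = true; },
    throwInvalidScope(message) {
      throw Object.assign(new Error(message), { name: 'InvalidScopeException' });
    },
  };
}

// Shared check: default when nothing is requested, otherwise require every
// requested scope to be well formed and present in allowedScopes.
function validateScopes(b) {
  const helper = b.scopeValidatorHelper;
  const requested = b.requestedScopes || [];
  if (requested.length === 0) {
    if (!b.defaultScopes || b.defaultScopes.length === 0) {
      helper.throwInvalidScope('No scope requested and no default scope configured');
    }
    return [...b.defaultScopes];
  }
  if (requested.some((s) => typeof s !== 'string' || !SCOPE_TOKEN.test(s))) {
    // Do not echo malformed values back into the error or the logs.
    helper.throwInvalidScope('Malformed scope in request');
  }
  const allowed = new Set(b.allowedScopes);
  const denied = requested.filter((s) => !allowed.has(s));
  if (denied.length > 0) {
    helper.throwInvalidScope('Scope(s) not allowed for this client: ' + denied.join(' '));
  }
  return [...new Set(requested)]; // de-duplicated, request order kept
}

// Refresh path: opt in to inheriting the access token's current scopes,
// then apply the same check to what the refresh request asks for.
function validateRefreshTokenScope(b) {
  b.scopeValidatorHelper.inheritAccessTokenScopesOnRefresh();
  return validateScopes(b);
}
```
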