Scripting API
AM provides the following scriptable extension points. Each extension point is associated with a script type, or context.
Manage scripts through the AM admin UI or the /scripts endpoint using REST calls.
- Configuration Provider node scripts
  Build a configuration map with custom values and add it to the authentication flow using a Configuration Provider node.
- Scripted Decision node API
  Access data in request headers, shared state, and authenticated session data.
- Policy condition scripting API
  Access the authorization state data, the information pertaining to a session, and the user’s profile data in authorization policies.
- Customize OAuth 2.0
  Extend OAuth 2.0 authorization server behavior:
  - Access token modification: Modify the key-value pairs contained within an OAuth 2.0 access token.
  - Authorize endpoint data provider: Return additional data from an authorization request.
  - Scope evaluation: Evaluate and return an OAuth2 access token’s scope information.
  - Scope validation: Customize the set of requested scopes for authorize, access token, refresh token and back channel authorize requests.
  - OIDC claims: Map scopes to claims and data for OIDC tokens.
- Customize dynamic client registration
  Customize an OAuth 2.0 / OIDC dynamic client after a registration request.
- Token exchange
  Add may_act claims to OAuth 2.0 / OIDC exchanged tokens.
- Customize SAML 2.0
  Extend SAML 2.0 functionality:
  - IdP attribute mapper: Map user-configured attributes to SAML attribute objects.
  - IdP adapter: Customize the processing of the authentication request on the IdP.
  - SP account mapper: Customize how SAML 2.0 assertions are mapped to user profiles.
  - NameID mapper: Customize the value of the NameID attribute returned in the SAML assertion.
  - SP adapter: Customize the processing of the authentication request on the SP.
- PingOne Verify Completion Decision node
  Access information about the PingOne Verify transactions the user has performed and manage the associated user account in PingOne.