OIDC claims scripting API
The following bindings are available to OIDC claims scripts:
|
This script can be either a legacy or a next-generation script. It has access to all the common bindings for its scripting context. Learn about converting existing scripts in Migrate OAuth scripts to next-generation scripts. |
| Binding | Description | Legacy | Next-generation |
|---|---|---|---|
|
An object (map) of the default OIDC claims AM provides. The keys are the claim strings. The values are the claim value objects. |
Map |
Map |
|
An array of string values from the Learn more in Claims Languages and Scripts in the OpenID Connect Core 1.0 specification. |
Array of Strings |
Array of Strings |
|
The default OIDC claims AM provides. |
An array of claim objects. |
Not available |
|
A map of properties configured in the client profile. Only present if the client was correctly identified. Find information about the keys in Access client properties. |
Map |
Map |
|
Represents an identity that AM can access. Find information about how to use the binding in Access profile data. |
An AMIdentity object. |
A wrapper object for a scripted identity. |
|
An object (map) of requested claims.
This is empty unless the request includes the Under Native Consoles > Access Management, go to Realms > Realm Name > Services > OAuth2 Provider > Advanced OpenID Connect. Enable Enable "claims_parameter_supported" and save your change. Find more information about the |
Map of Set objects |
Map of List objects |
|
This is empty unless the request includes claims. A claim with a single value means the script should return only that value. |
An array of the requested claims objects. |
Not available. Use |
|
A read-only object (map) of the request properties. Learn more in Access request properties. |
Map |
Map |
|
The set of scopes in the client request. |
Set of Strings |
List of Strings |
|
A representation of the user’s SSO session object. |
An SSOToken object. |
A Methods |