Manage scripts (REST)

AM provides the scripts endpoint to manage scripts using REST calls.

User-created scripts are realm-specific, so you must include the realm when you call the endpoint, for example, /json{/realm}/scripts. If you don’t specify a realm in the URI, AM uses the Top Level Realm.

AM includes some global example scripts that you can use in any realm.

Scripts are represented in JSON and are built from standard JSON objects and values (strings, numbers, objects, sets, arrays, true, false, and null). Each script has a system-generated universally unique identifier (UUID), which you must specify when modifying existing scripts. Renaming a script won’t affect the UUID.

Example script:

{
  "_id": "01e1a3c0-038b-4c16-956a-6c9d89328cff",
  "name": "Authentication Tree Decision Node Script",
  "description": "Default global script for a scripted decision node",
  "script": "LyoKICAtIERhdGE...",
  "default": true,
  "language": "JAVASCRIPT",
  "context": "AUTHENTICATION_TREE_DECISION_NODE",
  "createdBy": "id=dsameuser,ou=user,ou=am-config",
  "creationDate": 1433147666269,
  "lastModifiedBy": "id=dsameuser,ou=user,ou=am-config",
  "lastModifiedDate": 1433147666269,
  "evaluatorVersion": "1.0"
}

The values for the fields shown in the example are explained below:

_id

The UUID that AM generates for the script.

name

The name provided for the script.

description

An optional text string to help identify the script.

script

The source code of the script. The source code is in UTF-8 format and encoded into Base64.

For example, a script such as the following:

var a = 123;
var b = 456;

When encoded into Base64 becomes:

dmFyIGEgPSAxMjM7IA0KdmFyIGIgPSA0NTY7

default

Whether the script is the default script for the context.

language

The language the script is written in: JAVASCRIPT or GROOVY. The script context determines the supported language(s).

context

The context type of the script.

context

The context type of the script.

Supported context values
Value	Description
`AUTHENTICATION_CLIENT_SIDE`	Client-side authentication script.
`AUTHENTICATION_SERVER_SIDE`	Server-side authentication script.
`AUTHENTICATION_TREE_DECISION_NODE`	Legacy authentication scripts used by Scripted Decision nodes and Device Match nodes.
`CONFIG_PROVIDER_NODE`	Configuration Provider node script.
`CONFIG_PROVIDER_NODE_NEXT_GEN`	Next-generation Configuration Provider node script.
`DEVICE_MATCH_NODE`	Next-generation authentication scripts used by Device Match nodes.
`LIBRARY`	Reuse code with a library script.
`OAUTH2_ACCESS_TOKEN_MODIFICATION`	Access token modification script.
`OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER`	Script to enhance the data returned from the OAuth 2.0 provider in the authorization request.
`OAUTH2_DYNAMIC_CLIENT_REGISTRATION`	Script to customize dynamic client registration.
`OAUTH2_EVALUATE_SCOPE`	Script to customize the scopes in an OAuth 2.0 access token.
`OAUTH2_MAY_ACT`	Script to add `may_act` claims to tokens for token exchange.
`OAUTH2_SCRIPTED_JWT_ISSUE`	Script to configure a trusted JWT issuer.
`OAUTH2_VALIDATE_SCOPE`	Script to validate the requested scopes.
`OIDC_CLAIMS`	Modify OIDC claims when issuing an ID token or calling the `/userinfo` endpoint.
`PINGONE_VERIFY_COMPLETION_DECISION_NODE`	Next-generation PingOne Verify Completion Decision node script.
`POLICY_CONDITION`	Legacy scripted conditions for authorization policies.
`POLICY_CONDITION_NEXT_GEN`	Next-generation scripted conditions for authorization policies.
`SAML2_IDP_ADAPTER`	Script for customizing the authentication request in a SAML 2.0 journey.
`SAML2_IDP_ATTRIBUTE_MAPPER`	Script for customizing SAML 2.0 attribute mapping.
`SAML2_NAMEID_MAPPER`	Next-generation script to customize the NameID attribute returned in the SAML assertion.
`SAML2_SP_ADAPTER`	Script for customizing the authentication request on the SP side in a SAML 2.0 journey.
`SCRIPTED_DECISION_NODE`	Next-generation authentication scripts used by Scripted Decision nodes.
`SOCIAL_IDP_PROFILE_TRANSFORMATION`	Map fields from the social IdP to fields expected by PingAM.

createdBy

A string containing the universal identifier DN of the subject that created the script.

creationDate

An integer containing the creation date and time, in ISO 8601 format.

lastModifiedBy

A string containing the universal identifier DN of the subject that most recently updated the resource type.

If the script has not been modified since it was created, this property will have the same value as createdBy.

lastModifiedDate

A string containing the last modified date and time, in ISO 8601 format.

If the script has not been modified since it was created, this property will have the same value as creationDate.

evaluatorVersion

A number representing the script engine version: 1.0 for legacy or 2.0 for next-generation. Refer to Next-generation scripts for details.

When invalid or unspecified, the value defaults to 1.0 for all script types except library scripts, which are always 2.0 (next-generation).

PingAM

Manage scripts (REST)