PingFederate Server

Expressions for OAuth and OpenID Connect uses cases

You can use OGNL expressions to retrieve various request-attributes through the HTTP Request Java object.

Client authentication method

The following sample expression retrieves the authentication method that a client uses. This sample expression is applicable to all clients.

#this.get("context.HttpRequest").getObjectValue().getAttribute("com.pingidentity.oauth.client.authnType")

Private key JSON web token (JWT)

In the following sample expressions, the former retrieves a claim value from the private key JWT with which a client authenticates and the latter retrieves the private key JWT itself. They are only applicable to clients using the private_key_jwt authentication method.

Retrieving the aud claim value
#claims = #this.get("context.HttpRequest").getObjectValue().getAttribute("com.pingidentity.oauth.client.jwtClaimsMap"),
#claims.get("aud")
Retrieving the entire private key JWT
#this.get("context.HttpRequest").getObjectValue().getParameter("client_assertion")