Expressions for OAuth and OpenID Connect uses cases
You can use OGNL expressions to retrieve various request-attributes through the HTTP Request Java object.
Client authentication method
The following sample expression retrieves the authentication method that a client uses. This sample expression is applicable to all clients.
#this.get("context.HttpRequest").getObjectValue().getAttribute("com.pingidentity.oauth.client.authnType")
Private key JSON web token (JWT)
In the following sample expressions, the former retrieves a claim value from the private key JWT with which a client authenticates and the latter retrieves the private key JWT itself. They are only applicable to clients using the private_key_jwt authentication method.
- Retrieving the
aud
claim value
#claims = #this.get("context.HttpRequest").getObjectValue().getAttribute("com.pingidentity.oauth.client.jwtClaimsMap"), #claims.get("aud")
- Retrieving the entire private key JWT
#this.get("context.HttpRequest").getObjectValue().getParameter("client_assertion")