---
title: Authenticate script
description: Connectors continue to be released outside the IDM release. For the latest documentation, refer to the OpenICF documentation.
component: pingidm
version: 7.2
page_id: pingidm:connector-dev-guide:scripts/script-authenticate
canonical_url: https://docs.pingidentity.com/pingidm/7.2/connector-dev-guide/scripts/script-authenticate.html
---

# Authenticate script

|   |                                                                                                                                                                                   |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Connectors continue to be released outside the IDM release. For the latest documentation, refer to the [OpenICF documentation](https://docs.pingidentity.com/openicf/index.html). |

An authenticate script is *required* if you want to use pass-through authentication to the backend resource. If your connector does not need to authenticate to the resource, the authenticate script should allow the `authId` to pass through by default.

A sample authenticate script for an SQL database is provided in `openidm/samples/scripted-sql-with-mysql/tools/AuthenticateScript.groovy`.

* Input variables

  The following variables are available to the authenticate script:

  * configuration

    A handler to the connector's configuration object.

  * options

    A handler to the Operation Options.

  * operation

    An OperationType that corresponds to the action (`AUTHENTICATE`).

  * objectClass

    The object class being used to authenticate, such as `__ACCOUNT__` or `__GROUP__`.

  * username

    A string that provides the username to authenticate.

  * password

    A guarded string that provides the password with which to authenticate.

  * log

    A logger instance for the connector.

* Returns

  The user unique ID (OpenICF `__UID__`). The `type` of the returned UID must be a `string` or a `Uid`. The script must throw an exception in the case of failure.

Authenticate Script

```groovy
def operation = operation as OperationType
def configuration = configuration as ScriptedConfiguration
def username = username as String
def log = log as Log
def objectClass = objectClass as ObjectClass
def options = options as OperationOptions
def password = password as GuardedString;

if (username.equals("TEST")) {
    def clearPassword = SecurityUtil.decrypt(password)
    if ("Passw0rd".equals(clearPassword)) {
        return new Uid(username);
    }
}
```