--- title: Variables description: "#root refers to the root context and #this refers to the current evaluation context object. Both are internal variables." component: pingone page_id: pingone:pingone_expression_language:p1_expressionlang_variables canonical_url: https://docs.pingidentity.com/pingone/pingone_expression_language/p1_expressionlang_variables.html revdate: February 07, 2025 section_ids: root-and-this-variables: "#root and #this variables" authentication-jwt-variables: Authentication JWT variables custom-properties: Custom properties custom-library-variables: Custom library variables --- # Variables ## `#root` and `#this` variables `#root` refers to the root context and `#this` refers to the current evaluation context object. Both are internal variables. You can also use these variables to access any data model property references available to you. For example, `user.name.given`, `#root.user.name.given`, or `#this.user.name.given`. `#root` is useful in the following scenarios: * Defining a map key with a base property name's value. Learn more in [Maps and objects](p1_expressionlang_maps_objects.html). * Accessing a property from the root context from within array or collection operations, such as projections or filtering, which is outside the current evaluation context. For example, `user.memberOfGroupNames.![#root.user.email + ' - ' + #this]`. `#this` is useful within array or collection operations, such as projections or filtering, especially when the collections contain string, boolean, or number types instead of objects. For example, `user.memberOfGroupNames.![#string.upperCase(#this)]`. Within the projection operator, `#this` refers to the array element being iterated. If `user.memberOfGroupNames` is a string array, `#this` represents each string element being iterated within the projection operator. ## Authentication JWT variables You can use variables to retrieve information from the token endpoint authentication JSON Web Token (JWT) and authentication method itself for access token and ID token fulfillment. Expressions are supported when using the private key JWT and client secret JWT token endpoint authentication methods. Learn more in [Token endpoint authentication methods](../applications/p1_token_endpoint_authentication_methods.html). Use variables in expressions to retrieve information in the following configurations: * [Custom resources](../applications/p1_adding_custom_resource.html) to fulfill access tokens * [OpenID Connect (OIDC) resources](../applications/p1_edit_oidc_resource.html) to fulfill ID tokens * [OIDC-based applications](../applications/p1_editing_applications.html) to override ID token fulfillment The following variables are available in the expression builder: | Variable | Description | | ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `#root.context.requestData.clientAssertion` | The authentication JWT payload sent by the application at the token endpoint. | | `#root.context.requestData.clientAssertion.` | The value of `` from the authentication JWT payload sent by the application at the token endpoint. | | `#root.context.requestData.clientAssertionHeader` | The authentication JWT header sent by the application at the token endpoint. | | `#root.context.requestData.clientAssertionHeader.` | The value of `` from the header of the authentication JWT sent by the application at the token endpoint. | | `#root.context.requestData` | The authentication JWT header and payload sent by the application at the token endpoint. | | `#root.context.appConfig.tokenEndpointAuthMethod` | The token endpoint authentication method of the requesting application. Learn more in [Token endpoint authentication methods](../applications/p1_token_endpoint_authentication_methods.html).Possible values are:- `PRIVATE_KEY_JWT` - `CLIENT_SECRET_JWT` - `null` if the application isn't configured to use either `PRIVATE_KEY_JWT` or `CLIENT_SECRET_JWT`. Learn more in [Null safe usage](p1_expressionlang_null_safe_usage.html). | ### Custom properties You can use the following custom property types with authentication JWT variables: | Custom Property Type | Description | | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | String or numeric value | Add the custom property to the variable to access the value. For example, if the payload contains a property named custom1, add `custom1` to the payload variable: `#root.context.requestData.clientAssertion.custom1`. | | Array | Add the custom property followed by `[n]` to the variable to access the nth element, where n starts with 0 for the first element. For example, `#root.context.requestData.clientAssertion.custom1[n]`. | | Nested JSON object | Add the custom property followed by `.x` or `['x']` to the variable, where x is the nested property name. For example, `#root.context.requestData.clientAssertion.custom1.x` or `#root.context.requestData.clientAssertion.custom1['x']`. | ## Custom library variables Additional internal variables are available for use in expressions, which are references to the custom libraries covered in [Custom library functions](p1_expressionlang_custom_library_functions.html). The following variable references are available to custom libraries: | Reference | Description | | ----------- | ---------------------------------------------------------------------------------------------------- | | `#string` | Function for string-based operations. | | `#data` | Functions for processing arrays. | | `#datetime` | Functions for parsing and processing date values. All input and output dates are in ISO 8601 format. | | `#regex` | Functions using regular expressions. | | `#crypto` | Functions for crypto operations, such as hashing and more in the future. |