PingOne Advanced Identity Cloud

Scope validation scripting API

The following bindings are available to Scope validation scripts:

This script can be either a legacy or a next-generation script. It has access to all the common bindings for its scripting context.

Learn about converting existing scripts in Migrate OAuth scripts to next-generation scripts.

Binding Description Legacy type Next-generation type

allowedScopes

The scopes Advanced Identity Cloud allows this client to request.

Set of Strings

List of Strings

availableScopes

All the scopes configured on the client making the request.

Set of Strings

List of Strings

clientProperties

A map of properties configured in the client profile. Only present if the client was correctly identified.

Find information about the keys in Access client properties.

Map

Map

defaultScopes

The scopes configured as defaults for this client.

Set of Strings

List of Strings

identity

Represents an identity that Advanced Identity Cloud can access.

Find examples of how to use the binding in Access profile data.

An AMIdentity object.

A wrapper object for a scripted identity.

requestedScopes

The scopes in the client request.

Set of Strings

List of Strings

requestProperties

A read-only object (map) of the request properties.

Learn more in Access request properties.

Map

Map

scopeValidatorHelper

The helper object that provides context information for the scope validation script.

Use the inheritAccessTokenScopesOnRefresh() method to ensure a refresh token inherits the scopes currently granted to the associated access token. You must call this from within the scripted validator’s validateRefreshTokenScope() function. If this method isn’t called, the refresh token retains its originally granted scopes by default.

Use the throwInvalidScope() method to throw an InvalidScopeException when the script identifies an unauthorized or malformed scope request.

Methods
public void inheritAccessTokenScopesOnRefresh()

public void throwInvalidScope(String message) throws InvalidScopeException

Not available

A ScopeValidatorHelper object

session

A representation of the user’s SSO session object.

An SSOToken object.

A ScriptedSession object.

Methods
public String getProperty(String name)
public void setProperty(String name, String value)