The OAuthToken object contains the OAuth access token and related identity attributes. The OAuthToken instance is available only for OAuth Groovy script rules.

Groovy sample

def scopes = policyCtx?.context.get("oauth_token")?.scopes
def attr = policyCtx?.context.get("oauth_token")?.attributes
def username = policyCtx?.context.get("oauth_token")?.attributes?.get("username")?.get(0)
exc?.request?.header?.add("x-scopes", "$scopes")
exc?.request?.header?.add("x-attributes", "$attr")
exc?.request?.header?.add("x-username", "$username")

Method summary

Method Description

Instant getExpiresAt()

Contains the expiration instant of the OAuth access token.

Instant getRetrievedAt()

Contains the instant that the OAuth access token was retrieved from PingFederate.

String getTokenType()

Contains the type of OAuth access token. (Bearer, JSON Web Token (JWT)).

String getClientId()

Contains the client ID associated with the OAuth access token.

Set getScopes()

Contains the set of scopes associated with the OAuth access token.

Map<String, List<String> >getAttributes()

Contains a map of identity attributes specific to the user.