
Dynamic Scope#

The dynamic scope custom script allows the authorization server to generate a list of claims (and their values) on the fly, depending on circumstances such as the ID of the client requesting it, authenticated user's session parameters, values of other users' attributes, results of some calculations implementing specific business logic and/or requests to remote APIs or databases. Claims are then returned the usual way in a response to a call to the /userinfo endpoint.

Interface#

The dynamic scope script implements the DynamicScopeType interface. This interface inherits the methods of the base script type and adds new methods of its own:

Inherited Methods#

Method header Method description
def init(self, customScript, configurationAttributes) This method is called only once, during script initialization. It can be used for global script initialization, to instantiate objects, etc.
def destroy(self, configurationAttributes) This method is called once, when the script is destroyed. It can be used to free resources and objects created in the init() method.
def getApiVersion(self, configurationAttributes, customScript) The getApiVersion method allows API changes in order to do transparent migration from an old script to a new API. Only include the customScript variable if the value for getApiVersion is greater than 10

New Methods#

Method header Method description
def update(self, dynamicScopeContext, configurationAttributes) Main dynamic scope method. Performs any needed logic, updates the JSON Web Token, and returns True if the dynamic scope was added successfully, False otherwise.
def getSupportedClaims(self, configurationAttributes) Returns an array of claims that are allowed to be added by the custom script

Objects#

Object name Object description
customScript The custom script object. Reference
configurationAttributes configurationProperties passed in when adding custom script. Map<String, SimpleCustomProperty> configurationAttributes
SimpleCustomProperty Map of configuration properties. Reference
dynamicScopeContext Reference

Use case: Add dynamic scope with the org_name claim#

This script has been adapted from the Gluu Server sample dynamic scope script

Script Type: Python#

# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
# Copyright (c) 2016, Janssen
#
# Author: Yuriy Movchan
#

from io.jans.model.custom.script.type.scope import DynamicScopeType
from io.jans.as.server.service import UserService
from io.jans.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList

import java

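class DynamicScope(DynamicScopeType):
    """Sample dynamic scope script that releases the org_name claim.

    The claim is written into the JSON web response obtained from the
    dynamic scope context, and only when "org_name" appears in the list
    returned by dynamicScopeContext.getDynamicScopes(). Every claim set in
    update() should also be listed in getSupportedClaims().
    """

    def __init__(self, currentTimeMillis):
        # Timestamp handed to the script at construction time; stored but not
        # used anywhere else in this sample.
        self.currentTimeMillis = currentTimeMillis

    def init(self, customScript, configurationAttributes):
        """One-time initialization hook; this sample only logs and returns True."""
        print "Dynamic scope. Initialization"

        print "Dynamic scope. Initialized successfully"

        return True

    def destroy(self, configurationAttributes):
        """Tear-down hook; this sample holds no resources, so it only logs."""
        print "Dynamic scope. Destroy"
        print "Dynamic scope. Destroyed successfully"
        return True

    # Update the JSON Web Token before signing/encrypting it
    #   dynamicScopeContext is io.jans.as.service.external.context.DynamicScopeExternalContext
    #   configurationAttributes is java.util.Map<String, SimpleCustomProperty>
    def update(self, dynamicScopeContext, configurationAttributes):
        """Add the org_name claim when the org_name dynamic scope is present.

        Returns True in every case, including when no claim was added.
        """
        print "Dynamic scope. Update method"

        # The context also exposes getAuthorizationGrant() and getUser() for
        # scripts that derive claim values from the grant or the user entry.
        dynamicScopes = dynamicScopeContext.getDynamicScopes()
        jsonWebResponse = dynamicScopeContext.getJsonWebResponse()
        claims = jsonWebResponse.getClaims()

        # Nothing to release when the context reports no dynamic scopes.
        if dynamicScopes is None:
            return True

        # Add organization name only if there is scope = org_name. Setting the
        # claim unconditionally would disclose it to clients that were never
        # granted the scope.
        for dynamicScope in dynamicScopes:
            if StringHelper.equalsIgnoreCase(dynamicScope, "org_name"):
                claims.setClaim("org_name", "Janssen, Inc.")
                break

        return True

    def getSupportedClaims(self, configurationAttributes):
        """Return the claims this script is allowed to add (only org_name)."""
        return Arrays.asList("org_name")

    def getApiVersion(self):
        """Return the script API version implemented by this script."""
        return 11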

Script Type: Java#

import java.util.List;
import java.util.Map;
import java.util.Arrays;
import java.util.ArrayList;

import io.jans.model.SimpleCustomProperty;
import io.jans.model.custom.script.model.CustomScript;
import io.jans.service.custom.script.CustomScriptManager;
import io.jans.model.custom.script.type.scope.DynamicScopeType;
import io.jans.as.server.service.external.context.DynamicScopeExternalContext;
import io.jans.as.model.token.JsonWebResponse;
import io.jans.as.model.jwt.JwtClaims;
import io.jans.util.StringHelper;




import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

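/**
 * Sample dynamic scope script that releases the {@code org_name} claim.
 *
 * <p>The claim is written into the JSON web response taken from the dynamic scope context, and
 * only when {@code org_name} is among the scopes returned by
 * {@code DynamicScopeExternalContext.getDynamicScopes()}. Every claim set in
 * {@link #update(Object, Map)} should also be listed in {@link #getSupportedClaims(Map)}.
 */
public class DynamicScope implements DynamicScopeType {

    private static final Logger log = LoggerFactory.getLogger(DynamicScope.class);

    /** Name of the dynamic scope handled here; also used as the name of the released claim. */
    private static final String ORG_NAME = "org_name";

    /**
     * Initialization hook without the script object; this sample only logs.
     *
     * @param configurationAttributes configuration properties of the custom script (unused)
     * @return always {@code true}
     */
    @Override
    public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
        log.info("Dynamic Scope. Initializing...");
        log.info("Dynamic Scope. Initialized");
        return true;
    }

    /**
     * Initialization hook that also receives the custom script object; this sample only logs.
     *
     * @param customScript the custom script object (unused)
     * @param configurationAttributes configuration properties of the custom script (unused)
     * @return always {@code true}
     */
    @Override
    public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty> configurationAttributes) {
        log.info("Dynamic Scope. Initializing...");
        log.info("Dynamic Scope. Initialized");
        return true;
    }

    /**
     * Tear-down hook; this sample holds no resources, so it only logs.
     *
     * @param configurationAttributes configuration properties of the custom script (unused)
     * @return always {@code true}
     */
    @Override
    public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes) {
        log.info("Dynamic Scope. Destroying...");
        log.info("Dynamic Scope. Destroyed.");
        return true;
    }

    /**
     * Returns the script API version implemented by this script.
     *
     * @return {@code 11}
     */
    @Override
    public int getApiVersion() {
        return 11;
    }

    /**
     * Adds the {@code org_name} claim when the {@code org_name} dynamic scope is present.
     *
     * @param dynamicScopeContext the context object; cast to {@code DynamicScopeExternalContext}
     * @param configurationAttributes configuration properties of the custom script (unused)
     * @return always {@code true}, including when no claim was added
     * @throws ClassCastException if {@code dynamicScopeContext} is not a
     *     {@code DynamicScopeExternalContext}
     */
    @Override
    public boolean update(Object dynamicScopeContext, Map<String, SimpleCustomProperty> configurationAttributes) {
        log.info("Dynamic Scope. Updating...");
        DynamicScopeExternalContext dynamicContext = (DynamicScopeExternalContext) dynamicScopeContext;
        // Hold the scopes as a List: casting to ArrayList fails with ClassCastException as soon
        // as the context hands back any other List implementation.
        List<String> dynamicScopes = dynamicContext.getDynamicScopes();
        JsonWebResponse jwt = dynamicContext.getJsonWebResponse();
        JwtClaims claims = jwt.getClaims();

        // Parameterized logging prints "null" instead of throwing when no scopes are reported.
        log.info("Dynamic Scope. Dynamic scopes: {}", dynamicScopes);
        if (dynamicScopes == null) {
            return true;
        }

        // Release the claim only when its scope is present, so that clients which were not
        // granted the scope never receive it.
        for (String dynamicScope : dynamicScopes) {
            if (StringHelper.equalsIgnoreCase(dynamicScope, ORG_NAME)) {
                claims.setClaim(ORG_NAME, "Test Value");
                break;
            }
        }

        return true;
    }

    /**
     * Returns the claims this script is allowed to add.
     *
     * @param configurationAttributes configuration properties of the custom script (unused)
     * @return a list containing only {@code org_name}
     */
    @Override
    public List<String> getSupportedClaims(Map<String, SimpleCustomProperty> configurationAttributes) {
        return Arrays.asList(ORG_NAME);
    }
}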

Sample Scripts#