Logout Status Jwt#
By overriding the interface methods in LogoutStatusJwtType
inside a custom script you can
-
Enable transformation of claims and values in logout_status_jwt, e.g. add a custom claim to an
logout_status_jwt
, change thesub
value, or remove thenonce
. -
Set a specific logout_status_jwt lifetime
Interface#
Methods#
The LogoutStatusJwtType interception script extends the base script type with the init
, destroy
and getApiVersion
methods:
Inherited Methods | Method description |
---|---|
def init(self, customScript, configurationAttributes) |
This method is only called once during the script initialization. It can be used for global script initialization, initiate objects etc |
def destroy(self, configurationAttributes) |
This method is called once to destroy events. It can be used to free resource and objects created in the init() method |
def getApiVersion(self, configurationAttributes, customScript) |
The getApiVersion method allows API changes in order to do transparent migration from an old script to a new API. Only include the customScript variable if the value for getApiVersion is greater than 10 |
The configurationAttributes
parameter is java.util.Map<String, SimpleCustomProperty>
.
The LogoutStatusJwtType interception script also adds the following method(s):
Method | Method description |
---|---|
def modifyPayload(self, jsonWebResponse, context) |
Used to modify logout_status_jwt claims. jsonWebResponse is io.jans.as.model.token.JsonWebResponse context is io.jans.as.server.service.external.context.ExternalScriptContext |
def getLifetimeInSeconds(self, context) |
Used to provide lifetime of logout_status_jwt. Value must be more then 0 or otherwise it's ignored by AS. (Lifetime will be set by logoutStatusJwtLiftime global AS configuration property.)context is io.jans.as.server.service.external.context.ExternalScriptContext |
Common Use Case#
Script Type: Java#
Add/Modify claims inside logout_status_jwt#
import io.jans.as.model.token.JsonWebResponse;
import io.jans.as.server.service.external.context.ExternalScriptContext;
import io.jans.model.SimpleCustomProperty;
import io.jans.model.custom.script.model.CustomScript;
import io.jans.model.custom.script.type.token.LogoutStatusJwtType;
import io.jans.service.custom.script.CustomScriptManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Map;
/**
* @author Yuriy Z
*/
public class LogoutStatusJwt implements LogoutStatusJwtType {
private static final Logger scriptLogger = LoggerFactory.getLogger(CustomScriptManager.class);
/**
*
* @param jsonWebResponse refers to io.jans.as.model.token.JsonWebResponse
* @param context refers to io.jans.as.server.service.external.context.ExternalScriptContext
* @return true if logout_status_jwt should be created or false to forbid logout_status_jwt creation.
*/
@Override
public boolean modifyPayload(Object jsonWebResponse, Object context) {
ExternalScriptContext scriptContext = (ExternalScriptContext) context;
JsonWebResponse jwr = (JsonWebResponse) jsonWebResponse;
jwr.getClaims().setClaim("custom_claim", "custom_value");
return true;
}
/**
*
* @param context context refers to io.jans.as.server.service.external.context.ExternalScriptContext
* @return lifetime of logout_status_jwt in seconds. It must be more then 0 or otherwise it will be ignored by server.
*/
@Override
public int getLifetimeInSeconds(Object context) {
boolean condition = false; // under some condition return 1 day lifetime
if (condition) {
return 86400;
}
return 0;
}
@Override
public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
scriptLogger.info("Initialized LogoutStatusJwt Java custom script.");
return true;
}
@Override
public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty> configurationAttributes) {
scriptLogger.info("Initialized LogoutStatusJwt Java custom script.");
return true;
}
@Override
public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes) {
scriptLogger.info("Destroyed LogoutStatusJwt Java custom script.");
return false;
}
@Override
public int getApiVersion() {
return 11;
}
}