PingAM

Dynamic client registration scripting API

The following bindings are available to dynamic client registration scripts.

The dynamic client registration script is a next-generation script and, therefore, has access to all the next-generation common bindings in addition to those described here.
Binding Description

requestProperties

A map of the properties in the request. Always present.

The keys in the map are as follows:

  • requestUri: The URI of the request.

  • realm: The realm where the request was made.

  • requestParams: The request parameters and posted data where each value is a list of one or more properties.

  • requestHeaders: A map of the request headers. Header names are case-sensitive.

  • requestBody: A map representing the body of the request.

    To mitigate the risk of reflection-type attacks, use OWASP best practices when handling these properties. Find an example in Unsafe use of Reflection.

operation

The dynamic client registration request operation as a String. Possible values: CREATE, UPDATE, and DELETE.

clientIdentity

The ScriptedClient that represents the created or updated client.

Use methods such as isAIAgent, setRedirectURIs, and setScope to check or modify the client profile.

Example
if (clientIdentity != null) {
  clientIdentity.setRedirectURIs(["http://www.example.com/redirect"]);
  clientIdentity.setGrantTypes(["client_credentials", "device_code"]);
  clientIdentity.setClientType("Public");
  clientIdentity.setAuthorizationCodeLifeTime(6000);
  clientIdentity.setClientUri(["http://www.example.com/client"]);
  clientIdentity.setDisplayName(["Test"]);
  clientIdentity.setDefaultScopes(["scope_a", "scope_b"]);
  clientIdentity.setClientDescription(["Test"]);
  clientIdentity.setLogoUri(["http://www.example.com/logo"]);
  clientIdentity.setPolicyUri(["http://www.example.com/policy"]);
  clientIdentity.setTosUri(["http://www.example.com/tos"]);

  if (clientIdentity.isAIAgent()) {
    clientIdentity.setClientName(["Test AI Agent"]);
  } else {
    clientIdentity.setClientName(["Test OAuth2 Client"]);
  }
  clientIdentity.store();
}

When AM is integrated with PingIDM, you can use the following methods to access AI agent identity attributes:

getAiAgentIdentityAttributes()

Returns the AI agent identity attributes for the client as a map. If the client isn’t an AI agent, this method returns null.

updateAiAgentIdentityAttributes(attributes)

Patches the underlying PingIDM object with the supplied attributes map. The supplied attributes are merged with existing ones, so you don’t need to retrieve the full attribute set first. To remove an existing key, supply null as its value. If the client isn’t an AI agent, this method has no effect.

Example AI agent identity attribute methods
if (operation === "CREATE" && clientIdentity.isAIAgent()) {
  // Output the default AI agent attributes
  logger.debug("AI attributes: " + clientIdentity.getAiAgentIdentityAttributes());
  // Define new custom attribute values
  var attribs = {
    "description": "Example description",
    "customAttributes": {
        "foo": "bar"
    }
  };
  // Update the AI agent identity with custom attribute values
  try {
    clientIdentity.updateAiAgentIdentityAttributes(attribs);
  } catch (e) {
      logger.error("Failed to update AI agent identity attributes", e);
  }
}
This binding is null if the operation is DELETE.

softwareStatement

A map representing the decoded JWT of the software statement from the request, including the issuer and required claims.

This is an empty map if no software statement is provided.