Variables
#root and #this variables
#root refers to the root context and #this refers to the current evaluation context object. Both are internal variables.
You can also use these variables to access any data model property references available to you. For example, user.name.given, #root.user.name.given, or #this.user.name.given.
#root is useful in the following scenarios:
-
Defining a map key with a base property name’s value. Learn more in Maps and objects.
-
Accessing a property from the root context from within array or collection operations, such as projections or filtering, which is outside the current evaluation context. For example,
user.memberOfGroupNames.![#root.user.email + ' - ' + #this].
#this is useful within array or collection operations, such as projections or filtering, especially when the collections contain string, boolean, or number types instead of objects. For example, user.memberOfGroupNames.![#string.upperCase(#this)].
Within the projection operator, #this refers to the array element being iterated. If user.memberOfGroupNames is a string array, #this represents each string element being iterated within the projection operator.
Authentication JWT variables
You can use variables to retrieve information from the token endpoint authentication JSON Web Token (JWT) and authentication method itself for access token and ID token fulfillment. Expressions are supported when using the private key JWT and client secret JWT token endpoint authentication methods. Learn more in Token endpoint authentication methods.
Use variables in expressions to retrieve information in the following configurations:
-
Custom resources to fulfill access tokens
-
OpenID Connect (OIDC) resources to fulfill ID tokens
-
OIDC-based applications to override ID token fulfillment
The following variables are available in the expression builder:
| Variable | Description |
|---|---|
|
The authentication JWT payload sent by the application at the token endpoint. |
|
The value of |
|
The authentication JWT header sent by the application at the token endpoint. |
|
The value of |
|
The authentication JWT header and payload sent by the application at the token endpoint. |
|
The token endpoint authentication method of the requesting application. Learn more in Token endpoint authentication methods. Possible values are:
|
Custom properties
You can use the following custom property types with authentication JWT variables:
| Custom Property Type | Description |
|---|---|
String or numeric value |
Add the custom property to the variable to access the value. For example, if the payload contains a property named custom1, add |
Array |
Add the custom property followed by |
Nested JSON object |
Add the custom property followed by |
Custom library variables
Additional internal variables are available for use in expressions, which are references to the custom libraries covered in Custom library functions.
The following variable references are available to custom libraries:
| Reference | Description |
|---|---|
|
Function for string-based operations. |
|
Functions for processing arrays. |
|
Functions for parsing and processing date values. All input and output dates are in ISO 8601 format. |
|
Functions using regular expressions. |
|
Functions for crypto operations, such as hashing and more in the future. |