PingOne Advanced Identity Cloud

Manage scripts over REST

PingOne Advanced Identity Cloud provides the /scripts endpoint to manage scripts using REST calls.

Scripts are represented in JSON using standard JSON objects and values.

Each script is identified by a system-generated universally unique identifier (UUID), which must be specified when reading or updating existing scripts. Renaming a script doesn’t affect the UUID.

{
  "_id": "aeb22d32-100c-46c0-ac51-af571889e5b9",
  "name": "MyJavaScript",
  "description": "An example script",
  "script": "dmFyIGEgPSAxMjM7CnZhciBiID0gNDU2Ow==",
  "default": false,
  "language": "JAVASCRIPT",
  "context": "POLICY_CONDITION",
  "createdBy": "null",
  "creationDate": 0,
  "lastModifiedBy": "null",
  "lastModifiedDate": 0,
  "evaluatorVersion": "1.0"
}

The values for the fields shown in the example are explained below:

_id

The UUID that PingOne Advanced Identity Cloud generates for the script.

name

The name provided for the script.

description

An optional text string to help identify the script.

script

The source code of the script. The source code is in UTF-8 format and encoded into Base64.

For example, the following script:

var a = 123;
var b = 456;

becomes dmFyIGEgPSAxMjM7IA0KdmFyIGIgPSA0NTY7 when encoded into Base64.

default

Whether the script is a default script (true) that applies to all realms, or custom (false).

language

The language the script is written in: JAVASCRIPT.

context

The context type of the script.

Table 1. Supported context values
Value Description

AUTHENTICATION_CLIENT_SIDE

Client-side authentication script

AUTHENTICATION_SERVER_SIDE

Server-side authentication script

AUTHENTICATION_TREE_DECISION_NODE

Legacy authentication scripts used by Scripted Decision nodes and Device Match nodes

CONFIG_PROVIDER_NODE

Configuration Provider node script

DEVICE_MATCH_NODE

Next-generation authentication scripts used by Device Match nodes

OAUTH2_ACCESS_TOKEN_MODIFICATION

Access token modification script

OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER

Script to enhance the data returned from the OAuth 2.0 provider in the authorization request

OAUTH2_EVALUATE_SCOPE

Script to customize the scopes in an OAuth 2.0 access token

OAUTH2_MAY_ACT

Script to add may_act claims to tokens for token exchange

OAUTH2_SCRIPTED_JWT_ISSUE

Script to configure a trusted JWT issuer

OAUTH2_VALIDATE_SCOPE

Script to validate the requested scopes

OIDC_CLAIMS

Modify OIDC claims when issuing an ID token or calling the /userinfo endpoint

LIBRARY

Reuse code with a library script

POLICY_CONDITION

Legacy scripted conditions for authorization policies

POLICY_CONDITION_NEXT_GEN

Next-generation scripted conditions for authorization policies

SAML2_IDP_ADAPTER

Script for customizing the authentication request in a SAML 2.0 journey

SAML2_IDP_ATTRIBUTE_MAPPER

Script for customizing SAML 2.0 attribute mapping

SAML2_NAMEID_MAPPER

Next-generation script to customize the NameID attribute returned in the SAML assertion

SAML2_SP_ADAPTER

Script for customizing the authentication request on the SP side in a SAML 2.0 journey

SCRIPTED_DECISION_NODE

Next-generation authentication scripts used by Scripted Decision nodes

SOCIAL_IDP_PROFILE_TRANSFORMATION

Map fields from the social IDP to fields expected by PingOne Advanced Identity Cloud
createdBy

A string containing the universal identifier DN of the subject that created the script, or null when not used in PingOne Advanced Identity Cloud.

creationDate

An integer containing the creation date and time, in ISO 8601 format, or 0 when not used in PingOne Advanced Identity Cloud.

lastModifiedBy

A string containing the universal identifier DN of the subject that most recently updated the resource type, or null when not used in PingOne Advanced Identity Cloud.

If the script has not been modified since it was created, this property will have the same value as createdBy.

lastModifiedDate

A string containing the last modified date and time, in ISO 8601 format, or 0 when not used in PingOne Advanced Identity Cloud.

If the script has not been modified since it was created, this property will have the same value as creationDate.

evaluatorVersion

A number representing the script engine version: 1.0 for legacy or 2.0 for next-generation. Refer to Next-generation scripts for details.

When invalid or unspecified, the value defaults to 1.0 for all script types except library scripts, which are always 2.0 (next-generation).