Claims Value Provider Procedures
Claims value provider script procedures are used to provide claims values during OIDC and OAuth 2.0 token issuance.
A claims value provider script must contain a result function.
This function has a single context parameter of type ClaimsProviderProcedureContext.
In addition to the context parameter, the function also has access to the common procedure API.
The result function must return a JavaScript object with the attributes that will be used to compute the claim value, as defined in Claim Configuration.
Example
The following script exemplifies a claims value provider procedure that uses both user attributes and client properties to compute the output attributes:
/**
 * @param {se.curity.identityserver.procedures.claims.ClaimsProviderProcedureContext} context
 */
function result(context) {
    // Read the region from the user account attributes
    var dataSource = context.getAttributeDataSource();
    var dataSourceAttributes = dataSource.getAttributes(context.subjectAttributes.subject);
    var account = dataSourceAttributes.getRow(0);
    var accountAttributes = JSON.parse(account.attributes);
    if (!accountAttributes) {
        return {};
    }
    // Also include client properties
    return {
        region: accountAttributes.region || '',
        client_type: context.client.properties.client_type || '',
        client_assurance_level: context.client.properties.client_assurance_level || 0,
    };
}
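As an added example (not part of the original page and not Curity's own code), a defensive variant of the same procedure: it returns an empty object when the account row is missing or its attributes are not valid JSON, and normalizes each output attribute before it is used to compute a claim value. The identifier pattern, the helpers asIdent and asLevel, and makeMockContext are assumptions for illustration; only the context members used in the script above are taken from the page.

```javascript
// Added example, not Curity's code. Written in ES5 style like the page's script.
// Assumption: region and client_type are short identifiers such as "eu-west".
var IDENT_PATTERN = /^[A-Za-z0-9_-]{1,32}$/;

function asIdent(value) {
  if (value === null || value === undefined) { return ''; }
  var s = String(value);
  return IDENT_PATTERN.test(s) ? s : '';
}

function asLevel(value) {
  // Accept only a plain non-negative integer (number or numeric string).
  var s = String(value);
  return /^[0-9]{1,3}$/.test(s) ? parseInt(s, 10) : 0;
}

function result(context) {
  var accountAttributes;
  try {
    var dataSource = context.getAttributeDataSource();
    var rows = dataSource.getAttributes(context.subjectAttributes.subject);
    accountAttributes = JSON.parse(rows.getRow(0).attributes);
  } catch (e) {
    // No account row, or attributes that are not valid JSON: emit no attributes.
    return {};
  }
  if (!accountAttributes || typeof accountAttributes !== 'object') { return {}; }
  var props = (context.client && context.client.properties) || {};
  return {
    region: asIdent(accountAttributes.region),
    client_type: asIdent(props.client_type),
    client_assurance_level: asLevel(props.client_assurance_level)
  };
}

// Constructed stand-in for ClaimsProviderProcedureContext, for offline runs only.
function makeMockContext(attributesJson, clientProperties) {
  var rows = { getRow: function (i) {
    if (i !== 0 || attributesJson === undefined) { throw new Error('no row'); }
    return { attributes: attributesJson };
  } };
  return {
    subjectAttributes: { subject: 'alice' },
    client: { properties: clientProperties },
    getAttributeDataSource: function () {
      return { getAttributes: function () { return rows; } };
    }
  };
}
```

Only the three helper functions and result belong in a deployed procedure; makeMockContext exists so the script can be exercised outside the server.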
Configuration
To configure a claims value provider script procedure:
- First, create the script procedure as documented in Scripting.
- Then, follow the instructions at Script Claims Value Provider to start using the previous script in a claims value provider.