Script Claims Value Provider

The Script claims value provider executes custom JavaScript procedures to compute claims dynamically. This provider enables transformation logic, data enrichment, and complex claim calculations based on multiple inputs, offering maximum flexibility for claim generation.

The Script claims provider runs JavaScript code at token issuance time to generate claims. This enables custom business logic, attribute transformation, conditional claim inclusion, and integration patterns that other provider types cannot support.

Use Cases

The Script claims value provider enables custom claim generation logic and complex transformation scenarios.

Common use cases include:

  • Claim Transformation: Transform or reformat attributes from other sources before including them in tokens, such as normalizing phone numbers or converting data formats
  • Conditional Claims: Apply business logic to determine which claims to include based on user attributes, authentication context, or client properties
  • Data Enrichment: Combine attributes from multiple sources to create derived claims, such as calculating user tiers or generating display names from profile data
  • External API Integration: Call external services or APIs to retrieve real-time data that should be included in tokens
  • Complex Business Rules: Implement organization-specific logic for claim generation that requires custom algorithms or decision trees

Getting Started

To create a Script claims value provider, sign in to the Admin UI and navigate to Profiles → Token Service → Scopes → Claims Providers.

Claims value providers in Admin UI. (Admin UI version: 10.6)

Select + New Claims Value Provider, give the provider a unique identifier and choose the Script type.

New claims value provider for script in Admin UI. (Admin UI version: 10.6)

Configure the following settings:

  1. Account Manager — Optionally select an account manager if the script needs access to account data
  2. Bucket — Optionally select a bucket if the script needs to store or retrieve data
  3. Data Source — Optionally select a data source if the script needs to query external data repositories
  4. Webservice — Enable if the script needs to call external web services or REST APIs
  5. Procedure — Select or create a JavaScript procedure that generates the claims

Configure claims value provider for script in Admin UI. (Admin UI version: 10.6)

The procedure executes when tokens are issued and must return a map of key-value pairs representing the claims to include.

Script Requirements

The Script claims value provider requires:

  • A JavaScript procedure configured under Scripting Guide
  • A procedure that returns an object containing claim names and values
  • Access to the authentication context and subject attributes within the script

Script claims value providers can access authentication context, subject attributes, and other available data through the procedure context. The returned claims depend entirely on the script implementation.
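
As an added illustration (not code from this documentation or the product), the following plain JavaScript shows claim-building logic of the kind such a procedure could return: phone normalization, a derived display name and tier, and a conditional claim, with invalid input omitted rather than passed into the token. The attribute names (`phone`, `givenName`, `familyName`, `annualSpend`, `mfa`), the default country code and the tier threshold are assumptions; wiring the function to the procedure entry point and context is described in the Scripting Guide.

```javascript
"use strict";
// Added example. Attribute names, country code and threshold are assumptions.
const DEFAULT_COUNTRY_CODE = "46"; // hypothetical deployment default
const GOLD_THRESHOLD = 10000;      // hypothetical tier rule

// Normalize a phone number to E.164; return null instead of an unvalidated value.
function normalizePhone(raw, countryCode) {
  if (typeof raw !== "string") return null;
  let n = raw.replace(/[\s().-]/g, "");
  if (n.startsWith("00")) n = "+" + n.slice(2);
  else if (!n.startsWith("+")) n = "+" + countryCode + n.replace(/^0/, "");
  return /^\+[1-9]\d{7,14}$/.test(n) ? n : null;
}

// Build the claims map from subject attributes and authentication context.
function buildClaims(subject, authContext) {
  const s = subject || {};
  const claims = {};

  // Claim transformation: emit the phone claim only when it validates.
  const phone = normalizePhone(s.phone, DEFAULT_COUNTRY_CODE);
  if (phone !== null) claims.phone_number = phone;

  // Data enrichment: display name from string name parts, length-bounded.
  const name = [s.givenName, s.familyName]
    .filter((p) => typeof p === "string" && p.trim() !== "")
    .map((p) => p.trim())
    .join(" ");
  if (name !== "") claims.display_name = name.slice(0, 128);

  // Derived tier: anything that is not a finite number falls to the lowest tier.
  const spend = Number(s.annualSpend);
  claims.tier = Number.isFinite(spend) && spend >= GOLD_THRESHOLD ? "gold" : "standard";

  // Conditional claim: present only on an explicit boolean true.
  if (authContext && authContext.mfa === true) claims.high_assurance = true;

  return claims;
}
```

Because the returned map goes straight into issued tokens, the function omits a claim when its source attribute fails validation instead of copying the raw value through.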

For more information on writing JavaScript procedures for claims providers, see Scripting Guide and Claims Value Provider Procedures.
