Manage scripts over REST

PingOne Advanced Identity Cloud provides the /scripts endpoint to manage scripts using REST calls.

Scripts are represented in JSON using standard JSON objects and values.

Each script is identified by a system-generated universally unique identifier (UUID), which must be specified when reading or updating existing scripts. Renaming a script doesn’t affect the UUID.

{
  "_id": "aeb22d32-100c-46c0-ac51-af571889e5b9",
  "name": "MyJavaScript",
  "description": "An example script",
  "script": "dmFyIGEgPSAxMjM7CnZhciBiID0gNDU2Ow==",
  "default": false,
  "language": "JAVASCRIPT",
  "context": "POLICY_CONDITION",
  "createdBy": "null",
  "creationDate": 0,
  "lastModifiedBy": "null",
  "lastModifiedDate": 0,
  "evaluatorVersion": "1.0"
}

The values for the fields shown in the example are explained below:

_id

The UUID that PingOne Advanced Identity Cloud generates for the script.

name

The name provided for the script.

description

An optional text string to help identify the script.

script

The source code of the script. The source code is in UTF-8 format and encoded into Base64.

For example, the following script:

var a = 123;
var b = 456;

becomes dmFyIGEgPSAxMjM7IA0KdmFyIGIgPSA0NTY7 when encoded into Base64.

default

Whether the script is a default script (true) that applies to all realms, or custom (false).

language

The language the script is written in: JAVASCRIPT.

context

The context type of the script.

Supported values are:

Table 1. Supported context values
Value	Description
`AUTHENTICATION_CLIENT_SIDE`	Client-side authentication script
`AUTHENTICATION_SERVER_SIDE`	Server-side authentication script
`AUTHENTICATION_TREE_DECISION_NODE`	Authentication scripts used by Scripted Decision nodes
`CONFIG_PROVIDER_NODE`	Configuration Provider node script
`OAUTH2_ACCESS_TOKEN_MODIFICATION`	Access token modification script
`OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER`	Script to enhance the data returned from the OAuth 2.0 provider in the authorization request
`OAUTH2_EVALUATE_SCOPE`	Script to customize the scopes in an OAuth 2.0 access token
`OAUTH2_MAY_ACT`	Script to add `may_act` claims to tokens for token exchange
`OAUTH2_SCRIPTED_JWT_ISSUE`	Script to configure a trusted JWT issuer
`OAUTH2_VALIDATE_SCOPE`	Script to validate the requested scopes
`OIDC_CLAIMS`	Modify OIDC claims when issuing an ID token or calling the `/userinfo` endpoint
`LIBRARY`	Reuse code with a library script
`POLICY_CONDITION`	Scripted conditions for authorization policies
`SAML2_IDP_ADAPTER`	Scripts for customizing the authentication request in a SAML 2.0 journey
`SAML2_IDP_ATTRIBUTE_MAPPER`	Scripts for customizing SAML 2.0 attribute mapping
`SAML2_SP_ADAPTER`	Scripts for customizing the authentication request on the SP side in a SAML 2.0 journey
`SOCIAL_IDP_PROFILE_TRANSFORMATION`	Map fields from the social IDP to fields expected by PingOne Advanced Identity Cloud

createdBy: A string containing the universal identifier DN of the subject that created the script, or null when not used in PingOne Advanced Identity Cloud.
creationDate: An integer containing the creation date and time, in ISO 8601 format, or 0 when not used in PingOne Advanced Identity Cloud.
lastModifiedBy: A string containing the universal identifier DN of the subject that most recently updated the resource type, or null when not used in PingOne Advanced Identity Cloud.

If the script has not been modified since it was created, this property will have the same value as createdBy.
lastModifiedDate: A string containing the last modified date and time, in ISO 8601 format, or 0 when not used in PingOne Advanced Identity Cloud.

If the script has not been modified since it was created, this property will have the same value as creationDate.
evaluatorVersion: A number representing the script engine version: 1.0 for legacy or 2.0 for next-generation. Refer to Next-generation scripts for details.

When invalid or unspecified, the value defaults to 1.0 for all script types except library scripts, which are always 2.0 (next-generation).