Migrate decision node scripts to next-generation scripts
Different bindings are available to the decision node script depending on the scripting engine version; legacy or next-generation.
Complete the steps described in Migrate to next-generation scripts, using the examples listed in the following table as a guide when updating the bindings:
Binding | Next-generation change | ||
---|---|---|---|
New. Use static method To send callbacks, instead of calling |
|||
New. Instead of creating a |
|||
Uses native JavaScript objects, similar to the Fetch API. |
|||
Class changed from Use
|
|||
New. Generate JWT assertions in scripts. |
|||
New. Validate JWT assertions in scripts. |
|||
Logger is now based on |
|||
The |
|||
New. Use this binding to access the |
|||
New. Access the request cookies directly using this binding. |
action
var fr = JavaImporter(
org.forgerock.openam.auth.node.api.Action);
// Journey continues along the "false" path
action = fr.Action.goTo("false").build(); 1
// Journey continues along the "false" path
action.goTo("false"); 1
1 No need to import the Action
class to access the goTo
method. Instead, call the goTo
method directly on the action
binding.
callbacksBuilder
var fr = JavaImporter( 1
org.forgerock.openam.auth.node.api.Action,
javax.security.auth.callback.NameCallback,
javax.security.auth.callback.PasswordCallback,
java.lang.String
);
if (callbacks.isEmpty()) {
// Request callbacks
action = fr.Action.send( 2
new fr.NameCallback("User Name"),
new fr.PasswordCallback("Password", false)).build();
} else {
// Callbacks returned with credentials
var username =
fr.String(callbacks.get(0).getName());
var password =
fr.String(callbacks.get(1).getPassword());
sharedState.put("username", username);
if (password === null || !password) {
action = fr.Action.goTo("false").build();
} else { 3
transientState.put("password", password);
action = fr.Action.goTo("true").build(); 4
}
}
if (callbacks.isEmpty()) { 1
// Request callbacks
callbacksBuilder.nameCallback(
"User Name", "User Name");
callbacksBuilder.passwordCallback(
"Password", false);
} else {
// Callbacks returned with credentials
var username =
callbacks.getNameCallbacks().get(0);
var password =
callbacks.getPasswordCallbacks().get(0);
nodeState.putShared("username", username);
if (password === null || !password) {
action.goTo("false"); 2
} else {
nodeState.putTransient("password", 3
password);
action.goTo("true"); 4
}
}
1 Use the callbacksBuilder
object instead of importing Callback
classes.
2 No need to explicitly call send()
. The script sends every callback added to the callbacksBuilder
when it completes.
3 Use nodeState.putShared()
instead of sharedState.put()
and nodeState.putTransient()
instead of transientState.put()
.
4 No need to set the outcome, because action.goTo()
was invoked.
idRepository
Get an identity
from the idRepository
object to access attribute values.
Learn more in Access profile data.
var uuid = "3f5ab61c-1587-44b3-b7d4-675e5159fcca";
var mail = idRepository.getAttribute(
uuid, "mail"); 1 2
idRepository.setAttribute(username, "mail",
["new@example.com"]); 3
var uuid = "3f5ab61c-1587-44b3-b7d4-675e5159fcca";
var identity =
idRepository.getIdentity(uuid); 1
var mail =
identity.getAttributeValues("mail"); 2
// Does NOT automatically persist data
identity.setAttribute("mail",
["new@example.com"]); 3
// persists data (throws an exception if setAttribute failed)
try {
identity.store(); 4
} catch(e) {
logger.error("Unable to persist attribute. " + e);
}
1 The idRepository
object is no longer used to get attribute values. Instead, use the getIdentity()
method of the new org.forgerock.openam.scripting.api.identity.ScriptIdentityRepository
interface to get the identity object.
2 Use the identity
object, instead of idRepository
, to get or set attribute values.
3 Adding or setting attributes on the identity
object does not persist data.
4 You must explicitly persist changes by calling the store
method.
For more information about the idRepository
binding, refer to Access profile data.
nodeState
// var username = sharedState.get("username");
1
var username =
nodeState.get("username").asString(); 2
var attributes = 3
nodeState.get("objectAttributes").asMap();
var username = nodeState.get("username"); 2
var attributes =
nodeState.getObject("objectAttributes"); 3
1 Deprecated sharedState
and transientState
bindings are no longer available. Use nodeState.get()
instead. To store state values, use nodeState.putShared()
or nodeState.putTransient()
instead of sharedState.put()
and transientState.put()
.
2 No need to call methods such as asString()
or asMap()
.
3 New getObject()
method to retrieve a map with values stored across different states.
The map is immutable.
To get the UUID from |
For more information about the nodeState
binding, refer to Access shared state data.