You can use scripting to modify default ForgeRock Identity Cloud behavior in many situations: client-side authentication, policy conditions, handling OpenID Connect claims, and others.

You can only use JavaScript for scripting in Identity Cloud.

Managing scripts

To manage your scripts, go to Realm > Scripts.

On the scripts page you can view a list of existing scripts. To edit, duplicate, or delete a script, click its More menu.

The edit option in the More menu opens the script in a lightweight editor that provides syntax highlighting and validation checking. You can maximize the editor to full screen, which helps when editing larger scripts:

[Screenshot: Identity Cloud scripts editor]

1 JavaScript editor
2 Fullscreen option
3 Syntax highlighting
4 Validation checking

Create a new script

To create a new script:

  1. Go to Realm > Scripts, then click + New Script.

  2. Choose a script type:

    Script Type: Description

    Client-side Authentication: Scripts that are executed on the client during authentication.

    Journey Decision Node: Scripts that are included in an authentication node within a journey, and are executed on the server during authentication.

    Policy Condition: Scripts that are used as conditions within policies.

    OIDC Claims: Scripts that gather and populate the claims in a request when issuing an ID token or making a request to the userinfo endpoint.

    OAuth 2.0 Access Token Modification: Scripts that modify the key-value pairs contained within access tokens before they are issued to a client.

    OAuth 2.0 "May Act": Scripts that can add the may_act claim to tokens when performing token exchanges.

    Social Identity Provider Profile Transformation: Scripts that adapt the fields received by a social identity provider to align with the fields expected by Identity Cloud.

  3. After you select a script type, the editor will open. The editor is prepopulated with a default script for that type, which is intended as a starting point for your custom script.

    • If you selected the wrong script type, click Previous to repeat step 2 and select a different script type.

  4. Enter a unique name for the script, then click Save.

Once the script is saved, its script type is fixed for the lifetime of the script.

Journey decision node scripts

See Journeys for more information on journeys.

You can create, edit, and validate journey decision node scripts directly from within a scripted decision node in a journey.

  1. Go to Realm > Journeys.

  2. Open a journey in the journey editor.

  3. Find an existing scripted decision node or add a new one.

  4. Select the scripted decision node to open the context pane on the right side.

  5. The following screenshot shows where you can create a new journey decision node script (4) or edit an existing one (5):

[Screenshot: scripted decision node script options in the journey editor]

1 Scripted decision node
2 Context pane
3 Journey decision node script drop-down
4 Add new journey decision node script
5 Edit existing journey decision node script