oidc-claims-extension.groovy revision abffea1c30ac3b8508f7d708cdd90d9198b64e04
/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014-2015 ForgeRock AS.
 */

/*
 * logger - always present, the "OAuth2Provider" debug logger instance
 * claims - always present, default server provided claims
 * accessToken - always present, the OAuth2 access token
 * session - present if the request contains the session cookie, the user's session object
 * identity - always present, the identity of the resource owner
 * scopes - always present, the requested scopes
 * requestedClaims - Map<String, Set<String>>
 *                  always present, not empty if the request contains a claims parameter and server has enabled
 *                  claims_parameter_supported, map of requested claims to possible values, otherwise empty,
 *                  requested claims with no requested values will have a key but no value in the map. A key with
 *                  a single value in its Set indicates this is the only value that should be returned.
 * Required to return a Map of claims to be added to the id_token claims
 */

// user session not guaranteed to be present

logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim");

throw new RuntimeException("No selection logic for $claim defined. Values: $requested")

// [ {claim}: {attribute retriever}, ... ]

// {scope}: [ {claim}, ... ]
"address": [ "address" ],
"phone": [ "phone_number" ],
"profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ]

logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s")

logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e);

logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e);