Skip to content

Introspection Script

Jump to bottom
Madhumita Subramaniam edited this page Apr 14, 2022 · 1 revision

Overview

Introspection scripts allows to modify response of Introspection Endpoint (spec). Introspection script should be associated with client (used for obtaining the token) in order to be run.

Configuration Prerequisites

  • A Janssen Authorization Server installation
  • Introspection script - included in the default Janssen OpenBanking distribution
  • Setting configuration Parameters

Adding the custom script

  1. To add or update custom scripts, you can use either jans-cli or curl. jans-cli in interactive mode, option 13 enables you manage custom scripts. For more info, see the docs.
  2. jans-cli in command line argument mode is more conducive to scripting and automation. To display the available operations for custom scripts, use config-cli.py --info CustomScripts. See the docs for more info.
  3. To use curl see these docs

!!! Note: you can normally find jans-cli.py in the /opt/jans/jans-cli/ folder.

Steps to add / edit / delete configuration parameters:**

  1. Place a [json file] containing configuration parameters and the custom script in a folder.

  2. From this folder, run the following command:

/opt/jans/jans-cli/config-cli.py --operation-id post-config-scripts --data /IntrospectionScript.json \
-cert-file yourcertfile.pem -key-file yourkey.key

Pseudocode (Understanding the script):

  1. IntrospectionType class and initialization:
class Introspection(IntrospectionType):
    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis

    def init(self, customScript, configurationAttributes):
        return True

    def destroy(self, configurationAttributes):
        return True

    def getApiVersion(self):
        return 11
  1. This method is called after introspection response is ready. This method can modify introspection response.
    # Returns boolean, true - apply introspection method, false - ignore it.
    # Note : responseAsJsonObject - is org.codehaus.jettison.json.JSONObject, you can use any method to manipulate json
    # context is reference of org.gluu.oxauth.service.external.context.ExternalIntrospectionContext (in https://github.com/GluuFederation/oxauth project)
    def modifyResponse(self, responseAsJsonObject, context):
        ...
        # get session, extract openbanking_intent_id 
        sessionIdService = CdiUtil.bean(SessionIdService)
        sessionId = sessionIdService.getSessionByDn(context.getTokenGrant().getSessionDn()) # fetch from persistence
        openbanking_intent_id = sessionId.getSessionAttributes().get("openbanking_intent_id")
        
        # modify response
        responseAsJsonObject.accumulate("openbanking_intent_id", openbanking_intent_id)

        return True
Clone this wiki locally