By: Chris Lumpkin user 20 Oct 2020 at 10:39 a.m. CDT

2 Responses
Chris Lumpkin gravatar
I followed the instructions in the docs to [enable a custom introspection script]( I need this script to run and inject some attributes into the access token for a client, so I enabled the "Access Token as JWT" in advanced settings for the client, and attached the custom script to the client under "Custom Scripts". Here is the script code: ``` from org.gluu.model.custom.script.type.introspection import IntrospectionType from org.json import JSONObject from java.lang import String class Introspection(IntrospectionType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis def init(self, customScript, configurationAttributes): print "Introspection script. Initializing ..." print "Introspection script. Initialized successfully" return True def destroy(self, configurationAttributes): print "Introspection script. Destroying ..." print "Introspection script. Destroyed successfully" return True def getApiVersion(self): return 11 # Returns boolean, true - apply introspection method, false - ignore it. # This method is called after introspection response is ready. This method can modify introspection response. # Note : # responseAsJsonObject - is org.codehaus.jettison.json.JSONObject, you can use any method to manipulate json # context is reference of org.gluu.oxauth.service.external.context.ExternalIntrospectionContext (in project, ) def modifyResponse(self, responseAsJsonObject, context): print "Introspection script. Modifying response ..." responseAsJsonObject.accumulate("custom", "hello world") print "Introspection script. Modified response successfully" return True ``` Here is the access token that's returned upon authorization: ``` { "aud": "ba87a55f-c42a-4768-81c6-7f796cb42c33", "sub": "paw5M6JgbvrenEnDTiIfHeTlWoXR6omC-xafeG45etU", "x5t#S256": "", "scope": [ "openid", "profile" ], "iss": "", "token_type": "bearer", "exp": 1603207213, "iat": 1603206913, "client_id": "ba87a55f-c42a-4768-81c6-7f796cb42c33", "username": "bob" } ``` I am not seeing any of my custom script log statements in `oxauth_script.log`. Is there some other precondition for the introspection script to run during access token grant?

By Yuriy Zabrovarnyy staff 20 Oct 2020 at 10:57 a.m. CDT

Yuriy Zabrovarnyy gravatar
Hi Chris, Find LDIF of your client and check whether `oxAttribute` json value contains `"runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims: true"`. Other requirements are : 1) script has to be enabled 2) script should have valid syntax

By Chris Lumpkin user 20 Oct 2020 at 11:54 a.m. CDT

Chris Lumpkin gravatar
I found and updated the client attribute, this fixed my issue. Thanks Yuriy!