OAuth and OIDC mapping rules files

In OAuth and OpenID Connect deployments, we can use mapping rules to customize how ISAM features are used.

ISAM provides template mapping rules that we can use when configuring OAuth and OpenID Connect deployments. For OIDC, the rules are automatically included when we create an OIDC API Protection definition. One mapping rule runs before token generation (pre-token); the other runs after token generation (post-token). If we created API definitions in a prior release of ISAM and updated to Version 9.0.4, we have the option to enable OIDC. However, enabling OIDC and saving the definition does not update the mapping rules. We can manually update the mapping rules by following the instructions in Updating mapping rules when enabling OIDC.

Mapping rule: oauth_20_pre_mapping.js

Supported actions:
  • Use a user registry to verify the username and password in the ROPC scenario. Optionally, force sourcing the ROPC password validation configuration from ldap.conf.
  • Show an example of the ROPC scenario that uses an external service to verify the username and password.
  • Limit the number of tokens per user per client, and specify the algorithm to use.
  • Customize the ID token.
  • Specify whether only confidential clients are allowed to introspect or revoke tokens.
  • Discover the request_type and the grant type.
  • Limit the number of grants per user per client.
  • Enable a token lookup example.
  • Enable custom tokens.
  • Enable assertion grants.
  • Call additional STS chains.
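
The following is an added illustrative example and is not ISAM's template rule; it does not run inside ISAM. It models, in plain JavaScript, three of the pre-token decisions listed above: discovering request_type and grant type, allowing introspect and revoke only from confidential clients, and capping the number of grants per user per client. The context object, the attribute type string, the request_type values, the client records and the grant counts are all assumptions or constructed sample data; in a real rule the values would come from the STSUU context attributes and the client registration, and a denial would be raised through the OAuth mapping utilities rather than returned as an object.

```javascript
// Added illustrative example, not ISAM's own mapping rule code.
// Models the checks a pre-token mapping rule makes before a token or grant
// is issued. Everything below that names an ISAM concept is an assumption
// or a constructed stand-in so that the logic can run and be tested offline.

const OAUTH_REQUEST_ATTR_TYPE = 'urn:ibm:names:ITFIM:oauth:request'; // assumed attribute type

// Constructed stand-in for the STSUU context attribute container: a flat list
// of {name, type, value} entries with the single lookup the rule needs.
function makeContext(entries) {
  return {
    getAttributeValueByNameAndType(name, type) {
      const hit = entries.find((e) => e.name === name && e.type === type);
      return hit === undefined ? null : hit.value;
    },
  };
}

// Policy knobs a deployment would set at the top of its mapping rule
// (constructed values; request_type names are assumed).
const POLICY = {
  maxGrantsPerUserPerClient: 3,
  confidentialOnlyRequestTypes: ['introspect', 'revoke'],
  grantLimitedRequestTypes: ['authorization', 'access_token'],
};

// Evaluates one request. clientInfo and existingGrantCount are supplied by the
// caller in this stand-in; a real rule would look them up itself.
// Returns { allow, requestType, grantType, reason }.
function evaluatePreTokenRule(ctx, clientInfo, existingGrantCount, policy = POLICY) {
  const requestType = ctx.getAttributeValueByNameAndType('request_type', OAUTH_REQUEST_ATTR_TYPE);
  const grantType = ctx.getAttributeValueByNameAndType('grant_type', OAUTH_REQUEST_ATTR_TYPE);
  const result = { allow: true, requestType, grantType, reason: 'ok' };

  if (requestType === null) {
    return { ...result, allow: false, reason: 'missing request_type' };
  }

  // Check 1: only confidential clients may introspect or revoke tokens.
  if (policy.confidentialOnlyRequestTypes.includes(requestType) && !clientInfo.isConfidential) {
    return { ...result, allow: false, reason: 'public client may not ' + requestType };
  }

  // Check 2: refuse a new grant once the per-user-per-client cap is reached.
  if (policy.grantLimitedRequestTypes.includes(requestType) &&
      existingGrantCount >= policy.maxGrantsPerUserPerClient) {
    return { ...result, allow: false, reason: 'grant limit reached for this user and client' };
  }

  return result;
}

// Constructed sample requests, shaped as the rule would see them.
function sampleDecisions() {
  const publicClient = { clientId: 'spa-app', isConfidential: false };
  const backendClient = { clientId: 'api-gw', isConfidential: true };
  const introspect = makeContext([
    { name: 'request_type', type: OAUTH_REQUEST_ATTR_TYPE, value: 'introspect' },
  ]);
  const ropcTokenRequest = makeContext([
    { name: 'request_type', type: OAUTH_REQUEST_ATTR_TYPE, value: 'access_token' },
    { name: 'grant_type', type: OAUTH_REQUEST_ATTR_TYPE, value: 'password' },
  ]);
  return {
    publicIntrospect: evaluatePreTokenRule(introspect, publicClient, 0),
    confidentialIntrospect: evaluatePreTokenRule(introspect, backendClient, 0),
    ropcUnderCap: evaluatePreTokenRule(ropcTokenRequest, publicClient, 2),
    ropcAtCap: evaluatePreTokenRule(ropcTokenRequest, publicClient, 3),
  };
}

console.log(JSON.stringify(sampleDecisions(), null, 2));
```

The decision is returned as an object here so it can be inspected; the useful part for a deployment is that the two checks are evaluated in a fixed order (client confidentiality first, then the grant cap) and that a request without a request_type is denied rather than passed through.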

Mapping rule: oauth_20_post_mapping.js

Supported actions:
  • Associate attributes.
  • Delete tokens.
  • Make an HTTP(S) callout.
  • Update a token.
  • Register an authenticator for MFA.
  • Enforce that clients only introspect their own tokens.
  • Customize UserInfo.
  • Produce JWT UserInfo.
  • Call additional STS chains.
  • Return additional attributes to the user via response attributes.


Parent topic: Mapping rules for OAuth and OIDC