Context Object Properties in Rules
context object stores contextual information about the current authentication transaction, such as the user's IP address, application, or location.
If you change token content using the context object within a rule, your changes will be available in tokens after all rules have finished running. If your application also requires multifactor authentication or user consent, the user will be prompted before changes in the token are available.
The following properties are available for the
|A string containing the name of the tenant.
|The client id of the application the user is logging in to.
|The name of the application (as defined on the dashboard).
|An object for holding other application properties. Its keys and values are strings.
|A string containing the connection's unique identifier.
|The name of the connection used to authenticate the user (such as:
|The type of connection. For social connection
connection. For enterprise connections, the strategy will be
waad (Windows Azure AD),
ad (Active Directory/LDAP),
auth0 (database connections), and so on.
|An object representing the options defined on the connection.
connectionOptions.tenant_domain is a string containing the domain being used for authentication when using an Enterprise connection.
connectionOptions.domain_aliases is an array containing the optional domains registered as aliases in addition to the primary domain (specified in the
|An object representing metadata defined on the connection. Its keys and values are strings.
|An object that controls the behavior of the SAML and WS-Fed endpoints. Useful for advanced claims mapping and token enrichment (only available for
|The authentication protocol. Possible values:
|An object containing specific scores (low, medium, high, neutral) for high risk login attempt assessors. See Customize Adaptive MFA with Rules.
|An object containing specific user stats, like
stats.loginsCount. Note that any of the counter variables returned as part of the
stats object do not increase during silent authentication (as when
prompt=none). There are also scenarios where the counter variables might increase yet a rule or set of rules do not execute, as in the case of a successful cross-origin authentication followed by a failed token request.
|This object will contain information about the Single Sign-on (SSO) transaction (if available)
|An object representing the options defined on the Access Token. You can use this object to add custom namespaced claims to the Access Token.
context.accessToken.scope can be used to change the Access Token's returned scopes. When provided, it is an array containing permissions in string format. Custom claims will be included in the Access Token after all rules have run.
|An object representing the options defined on the ID Token. Used to add custom namespaced claims to the ID Token. Custom claims will be included in the ID Token after all rules have run.
|An object representing the multifactor settings used in implementing contextual MFA.
|The object used to implement the redirection of a user from a rule.
|An internal identification for the authentication session. Value is kept only if
prompt=none is used in the authorization request. Note that the session ID can change after rule execution on other flows, so the value available in
context.sessionID might not match the new session ID that the user will receive. This makes this value only meaningful when
prompt=none is used.
|An object containing useful information of the request. This can also be set to
undefined. It has the following properties:
|The unique user id of the primary account for the user. Used to link user accounts from various identity providers.
|An object containing information related to the authentication transaction with the following properties:
methods: an array of objects containing the authentication methods a user has completed during their session. For example, a user that has completed a password-based authentication followed by MFA may have the following methods:
Was this helpful?
The method objects will contain the following properties:
You can see a sample use case of the
|An object containing information related to the authorization transaction with the following properties:
|Object containing information related to the organization. Includes the following properties: