Basic Extension Scripts Testing Using Test Mode
-
Run the script in test mode to check if it works as expected.
In the video below, we are checking a simple script returning a secret value.
-
Check the data in the INPUT section.
It is meant to mimic a real request processed by Cloudentity. Modify the paremeters if necessary for the purpose of your test.
If needed, you may save your input for later use by selecting the three dots button next to the Select input type dropdown.
-
Select RUN.
Result
Your script runs against the input data. The result is printed in the OUTPUT section. Runtime information is printed in the CONSOLE section.
In a real world scenario, attribute values from OUTPUT:
-
Override the original authentication context for the Extensions that modify the authentication context (provided they exist in the authentication context - new attributes are NOT created).
-
Override claims within the security token and/or create new claims within the security token issued by the Cloudentity platform for Extensions used to enrich token claims.
For Extensions modifying the login flow for users, there is no sample output.
-
Unit Test Extensions
Cloudentity provides a Sample Script Extensions Test GitHub that can be forked within the Extensions. You can add unit/integration tests for more complex scripts. For more information, see the READ.ME
Debug Extensions Scripts
Cloudentity provides an Extension Script Debugger that allows to see detailed logs for the executed Extension Script.
To debug Extension Scripts:
-
Select LOGS in the Extension Scripts Editor.
-
Enable the Debugger for a selected time period.
You can enable the Debugger for any period between 1 minute and 60 minutes. Enabling the Debugger for a selected time period results in Cloudentity providing extended and rich logs for the given script whenever it is executed within the defined time period.
It is possible to enable the Debugger for multiple Extension Scripts at the same time. If you wish to get rich logs for multiple Extension Scripts, just repeat the process for any additional Extension Script.
-
Execute your Extension Script.
Executing a script does not mean running it in the Test Mode. To see detailed logs, you need to actually execute the script the same way it is invoked. For example, if your Extension execution happens after user authentication, you need to first authenticate a user to see a detailed log for this script execution.
How To Execute A Script for Testing
If you wish to simply test your Extension script and debug it, you may, for example, Assign the Extension to IDP as a post authentication extension. It may be, for example, assigned to a Sandbox IDP. Then, log into the Cloudentity Demo Application. You should see the logs for the script in the LOGS tab for your extension. If you enabled the debugger, the logs will be extended.
-
Once your Extension is executed, you can see the detailed logs for it.
You can browse logs live in real time, or select a date range between which a particular extension was executed.
Below, you can find examples of standard logs and extended logs with the Debugger enabled:
Standard Logs Example
{
"script_executed": {
"script_id": "6fe3c99844bc44b2b3a7b396eb0bec89",
"script_name": "Sample Api Request",
"execution_point": "post_authn_ctx",
"executed_at": "2023-04-03T12:21:19Z",
"duration": "10ms",
"input": null,
"output": null,
"stdout": "",
"stderr": "",
"caught_err": "",
"log_level": "info"
}
}
Extended Logs Example
{
"script_executed": {
"script_id": "6fe3c99844bc44b2b3a7b396eb0bec89",
"script_name": "Sample Api Request",
"execution_point": "post_authn_ctx",
"executed_at": "2023-04-03T12:17:50Z",
"duration": "402ms",
"input": {
"acr": "1",
"amr": [
"pwd"
],
"authn_ctx": {
"email": "jdoe@example.com",
"email_verified": true,
"family_name": "Doe",
"given_name": "John",
"name": "John Doe",
"phone_number": "+12065550100",
"phone_number_verified": true
},
"authorize_request": {
"query_params": {
"acr_values": [
""
],
"client_id": [
"demo-demo"
],
"code_challenge": [
"vhfJeggBt988zEUCaPO2jC22d9tx0uL1D7jEWSwoAig"
],
"code_challenge_method": [
"S256"
],
"jwk": [
""
],
"nonce": null,
"prompt": [
""
],
"redirect_uri": [
"https://{tid}.{region}.authz.stage.cloudentity.io/{tid}/{wid}/demo"
],
"response_mode": [
""
],
"response_type": [
"code"
],
"scope": [
"email offline_access openid profile"
],
"state": null
},
"redirect_uri": "https://{tid}.{region}.authz.stage.cloudentity.io/{tid}/{wid}/demo",
"url": "https://{tid}.{region}.authz.stage.cloudentity.io/{tid}/{wid}/oauth2/authorize?acr_values=&client_id=demo-demo&code_challenge=vhfJeggBt988zEUCaPO2jC22d9tx0uL1D7jEWSwoAig&code_challenge_method=S256&jwk=&nonce=7b276422111e4b46a2e82cb473a4fc76&prompt=&redirect_uri=https%3A%2F%2F{tid}.{region}.authz.stage.cloudentity.io%2F{tid}%2Fdemo%2Fdemo&response_mode=&response_type=code&scope=email+offline_access+openid+profile&state=8a83941af1dc4c12a3543d29d89ef7f2"
},
"idp_sub": "demo",
"requested_scopes": {
"email": [
{
"authorization_server_id": "demo",
"description": "This scope value requests access to the email and email_verified claims.",
"display_name": "Email",
"id": "demo-email",
"metadata": null,
"name": "email",
"params": [],
"requested_name": "email",
"service": {
"authorization_server_id": "demo",
"custom_audience": "",
"description": "",
"gateway_id": "",
"id": "demo-profile",
"name": "Profile",
"system": true,
"tenant_id": "{tid}",
"type": "",
"updated_at": "0001-01-01T00:00:00Z",
"with_specification": false
},
"tenant_id": "{tid}",
"transient": false,
"with_service": true
}
],
"offline_access": [
{
"authorization_server_id": "demo",
"description": "This scope value requests offline access using refresh token.",
"display_name": "Offline access",
"id": "demo-offline_access",
"metadata": null,
"name": "offline_access",
"params": [],
"requested_name": "offline_access",
"service": {
"authorization_server_id": "demo",
"custom_audience": "",
"description": "",
"gateway_id": "",
"id": "demo-profile",
"name": "Profile",
"system": true,
"tenant_id": "{tid}",
"type": "",
"updated_at": "0001-01-01T00:00:00Z",
"with_specification": false
},
"tenant_id": "{tid}",
"transient": false,
"with_service": true
}
],
"openid": [
{
"authorization_server_id": "demo",
"description": "This scope value requests access to the sub claim which uniquely identifies the user.",
"display_name": "OpenID",
"id": "demo-openid",
"metadata": null,
"name": "openid",
"params": [],
"requested_name": "openid",
"service": {
"authorization_server_id": "demo",
"custom_audience": "",
"description": "",
"gateway_id": "",
"id": "demo-profile",
"name": "Profile",
"system": true,
"tenant_id": "{tid}",
"type": "",
"updated_at": "0001-01-01T00:00:00Z",
"with_specification": false
},
"tenant_id": "{tid}",
"transient": false,
"with_service": true
}
],
"profile": [
{
"authorization_server_id": "demo",
"description": "This scope value requests access to the end-user's default profile claims, which are: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at.",
"display_name": "Profile",
"id": "demo-profile",
"metadata": null,
"name": "profile",
"params": [],
"requested_name": "profile",
"service": {
"authorization_server_id": "demo",
"custom_audience": "",
"description": "",
"gateway_id": "",
"id": "demo-profile",
"name": "Profile",
"system": true,
"tenant_id": "{tid}",
"type": "",
"updated_at": "0001-01-01T00:00:00Z",
"with_specification": false
},
"tenant_id": "{tid}",
"transient": false,
"with_service": true
}
]
},
"secrets": {}
},
"output": {
"pet_of_the_day": {
"age": 5,
"name": "Barksalot",
"photo": "https://learnwebcode.github.io/json-example/images/dog-1.jpg",
"species": "Dog"
}
},
"stdout": "",
"stderr": "",
"caught_err": "",
"log_level": "debug"
}
}
As you can see in the example above, the extended logs contain, for example, information about requested scopes, user authentication context, and more.