Environment variables
In this article, we provide a comprehensive overview of the environment variables used in Strivacity. These variables, which include native claims, local variables, and context variables, play a crucial role in configuring and customizing authentication journeys. Understanding these variables will enable you to effectively manage customer data and streamline your security policies.
Native claims
Native claims represent how customer data is expressed within Strivacity. This is a layer of abstraction that allows account attributes to be associated with dialects or mappings. They ensure consistent and accurate data handling across different components of the authentication journey.
Functions:
- Set up native claims within identity stores to correspond with account attributes.
- Synchronize claims from social login or enterprise login providers with account attributes through native claims in Claim Mapping.
- Define local variables to pass back to the Lifecycle Event Hook, enabling custom logic or actions based on the outcome of the authentication journey in the Journey Builder exit success or exit failure steps.
- Configure multi-branch workflows based on conditional rules written against native claim values in the Journey Builder condition step.
- Persist customer input or data collected during the authentication journey to account attributes via native claims in the Journey Builder persist data step.
- Define targeting based on native claims in A/B testing.
- Incorporate native claims into email templates within notification policies to include relevant account attributes automatically.
- Collect verified customer data in account attributes via native claims during the identity verification data collection step in an identity verification policy.
Local variables
Local variables are temporary data points created during an authentication journey. These variables store transient information, such as customer input or identity verification results, and are used to facilitate dynamic decision-making and customization throughout the authentication process.
Functions:
- Map local variables to native claims in the Journey Builder input step.
- Configure multi-branch workflows based on conditional rules written against local variables in the Journey Builder condition step.
- Persist customer input or data collected from local variables during the authentication journey in the Journey Builder persist data step.
- Define local variables to pass back to the Lifecycle Event Hook, enabling custom logic or actions based on the outcome of the authentication journey in the Journey Builder exit success or exit failure steps.
Context variables
Context variables are data points that capture the state and details of the current authentication session. These variables include information about the customer's session, device, and environmental conditions, enabling customized and context-aware decision-making throughout the authentication journey.
Functions:
- Configure multi-branch workflows based on conditional rules written against session context variables in the Journey Builder condition step or Lifecycle Event Hooks.
- Persist customer input or data collected from context variables during the authentication journey in the Journey Builder persist data step.
- Define context variables to pass back to the Lifecycle Event Hook, enabling custom logic or actions based on the outcome of the authentication journey in the Journey Builder exit success or exit failure steps.
- Define targeting based on context variables in A/B testing.
- Build custom logic in Lifecycle Event Hooks with the use of context variables.
Available context variables
Within the Journey Builder and A/B testing:
Context variable | Definition |
---|---|
application.name | The name of the application. |
application.client_id | The unique identifier of the client. |
application.application_id | The unique identifier of the application. |
location.ip_address | The public-facing IP address of the customer’s device. |
location.anonymous_proxy | Indicates whether the location belongs to an anonymous proxy or Tor browser. |
location.location | The main object representing the entire geographical feature, encapsulating all metadata about a location as defined by GeoJSON standards. |
location.location.type | Defines the kind of geographical shape, like a point, line, or area, that represents the location. |
location.location.geometry.type | Specifies the type of shape used for the location, such as a single point or a larger area like a polygon. |
location.location.geometry.coordinates | Lists the exact positions (like latitude and longitude) that describe where the location is on a map. |
location.location.properties | Contains additional properties or metadata about the location, such as names, descriptions, or other contextual details that provide further information about the geographical feature. |
oidc_context.ui_locales | Specifies the preferred user interface locales (languages) as requested during the OIDC authentication process. |
oidc_context.acr_values | Lists the requested Authentication Context Class References (ACR) during the OIDC authentication process, which indicate the desired authentication strength or method (e.g., multi-factor authentication). |
oidc_context.login_hint | Provides a hint to the authentication server about the customer’s identity, often used to pre-fill the username field or direct the customer to a specific authentication method. |
saml_context.subject.name_id | Represents the unique identifier of the subject (customer) in a SAML authentication request, used to match the customer across systems during authentication and authorization. |
store | The identifier of the identity store containing the customer. |
language | The language preference set for the session or customer. |
customer.last_login.location | The location associated with the customer’s last login. |
customer.last_login.ip | The IP address used during the customer’s last login. |
customer.created_at | The date and time when the customer’s account was created. |
customer.last_login.time | The date and time of the customer’s last login. |
customer.number_of_logins | The total number of logins by the customer. |
Within Lifecycle Event Hooks:
Variables that can be found in most hooks:
Context variable | Definition |
---|---|
application | An object that represents the context of the application involved in the authentication process. |
application.name | The name of the application. |
application.client_id | The unique identifier of the client. |
application.application_id | The unique identifier of the application. |
oidc_context | An object that represents the context of an OIDC authentication request. |
oidc_context.ui_locales | Specifies the preferred user interface locales (languages) as requested during the OIDC authentication process. |
oidc_context.acr_values | Lists the requested Authentication Context Class References (ACR) during the OIDC authentication process, which indicate the desired authentication strength or method (e.g., multi-factor authentication). |
oidc_context.login_hint | Provides a hint to the authentication server about the customer’s identity, often used to pre-fill the username field or direct the customer to a specific authentication method. |
saml_context | An object that represents the context of a SAML authentication request. |
saml_context.subject | Represents the subject (customer) involved in a SAML authentication request, containing attributes and identifiers used to authenticate and authorize the customer across systems. |
saml_context.subject.name_id | Represents the unique identifier of the subject (customer) in a SAML authentication request, used to match the customer across systems during authentication and authorization. |
customer | An object that represents the customer’s context within the authentication session. |
customer.location | An object representing the geographical context of the customer. |
customer.location.anonymous_proxy | Indicates whether the location belongs to an anonymous proxy or Tor browser. |
customer.location.location | Encapsules all metadata about a location as defined by GeoJSON standards. |
customer.store | The identifier of the identity store containing the customer. |
customer.info | An object containing metadata about the customer based on account attributes stored in the identity store. |
customer.info.id | The identifier of the customer. |
customer.language | The language preference set for the session or customer. |
customer.groups | Groups to which the customer belongs. |
customer.consents | The consents provided by the customer. |
customer.account_proofings | Records of the passed and failed identity verification processes associated with the customer’s account. |
customer.organization | Organizations to which the customer belongs. |
customer.organization.id | The unique identifier of the customer’s organization. |
customer.roles | The roles assigned to the customer. |
customer.ip_addresss | The public-facing IP address of the customer’s device. |
customer.last_login | The location associated with the customer’s last login. |
session | An object used within an event hook to store and manage data throughout the lifecycle of a session. It enables communication and data sharing between different event hooks, allowing hooks to interact and pass information throughout the session. |
Variables in blocking hooks:
Context variables | Definition |
---|---|
continue_context | A collection of processed query parameters returned by the continue API, capturing the data passed back when a continuation flow is invoked. |
continue_request_parameters | An object that represents the parameters associated with a continuation request. |
continue_request_parameters.callback_url | A URL endpoint that specifies where the customer should be redirected after completing a particular action or step in a continuation flow, such as authentication. |
continue_request_parameters.state | A unique value that maintains the state of the request between the client and the authentication server. |
journey_result | Contains the outcome of a journey as defined by the configured exit step. It includes a 'result' field indicating success or failure based on the exit step type, and 'returnValues', which are key-value pairs specified in the applied exit step. |
Updated 10 days ago