1. Lambdas

FusionAuth provides the ability to handle different events that occur inside it as well as customize tokens and messages that FusionAuth sends such as JWTs or SAML responses. Lambdas in FusionAuth are JavaScript functions that are invoked when these events occur. Developers can write lambdas in the FusionAuth UI or can upload lambdas via the API.

Here is an example of a FusionAuth lambda that adds some additional fields to a JWT:

function populate(jwt, user, registration) {
  jwt.roles = registration.roles || [];
  jwt.favoriteColor =;

The lambdas that FusionAuth currently supports are:

2. JavaScript

Currently, FusionAuth is using the Nashorn JavaScript engine. This engine supports ECMA script version 5.1. In addition to the standard JavaScript objects and constructs, the lambdas have access to these classes:

  • console (supports log, info, debug and error)

  • JSON (supports stringify and parse)

Nashorn is also built on top of the Java virtual machine. It has access to everything in the Java JDK as well as all the libraries that FusionAuth is using. These are advanced features that you can use if you wish, but are not supported under the community version of FusionAuth. Here is the documentation provided by Oracle for the Nashorn engine:

3. Limitations

The FusionAuth lambdas do not have full access to JavaScript modules and libraries. They also cannot import, require or load other libraries currently. These features might be added to our lambda support in the future but Nashorn does not support them currently.

4. Future engines

The Nashorn engine is being phased out of Java in favor of more robust and advanced engines. At any point in the future, we might switch from Nashorn to another JavaScript engine like V8. Therefore, use Nashorn features at your own risk.