Using OAuth 2.0 and OpenID Connect

Overview of OAuth 2.0 and OpenID Connect
Basics
Roles
Access Tokens
Grant Types and Flows
Scopes
Endpoints in an Authorization Server
How InterSystems IRIS Supports OAuth 2.0 and OpenID Connect
Supported Scenarios
InterSystems IRIS Support for OAuth 2.0 and OpenID Connect
Standards Supported in InterSystems IRIS
Using an InterSystems IRIS Web Application as an OAuth 2.0 Client
Prerequisites for the InterSystems IRIS Client
Configuration Requirements
Outline of Code Requirements
Obtaining Tokens
Examining the Token(s)
Adding an Access Token to an HTTP Request
Optionally Defining Delegated Authentication for the Web Client
Revoking Access Tokens
Rotating Keys Used for JWTs
Getting a New Public JWKS from the Authorization Server
OAuth 2.0 Client Variations
Disabling PKCE
Implicit Grant Type
Password Credentials Grant Type
Client Credentials Grant Type
Performing the Redirect within OnPreHTTP
Passing Request Objects as JWTs
Calling Other Endpoints of the Authorization Server
Using an InterSystems IRIS Web Application as an OAuth 2.0 Resource Server
Prerequisites for the InterSystems IRIS Resource Server
Configuration Requirements
Code Requirements
Examining the Token(s)
Variations
Using InterSystems IRIS as an OAuth 2.0 Authorization Server
Configuration Requirements for the InterSystems IRIS Authorization Server
Code Customization Options and Overall Flow
Implementing the Custom Methods for the InterSystems IRIS Authorization Server
Details for the %OAuth2.Server.Properties Object
Locations of the Authorization Server Endpoints
Creating Client Definitions on an InterSystems IRIS OAuth 2.0 Authorization Server
Rotating Keys Used for JWTs
Getting a New Public JWKS from a Client
Creating Configuration Items Programmatically
Creating the Client Configuration Items Programmatically
Creating the Server Configuration Items Programmatically
Implementing DirectLogin()
Certificates and JWTs (JSON Web Tokens)
Using Certificates for an OAuth 2.0 Client
Using Certificates for an OAuth 2.0 Resource Server
Using Certificates for an OAuth 2.0 Authorization Server
Working with JWT Headers
Adding Header Values (Authorization Server)
Adding Header Values (Direct JWT Generation)
Processing JWT Headers