%OAuth2.Server.Authenticate
class %OAuth2.Server.Authenticate extends %CSP.Page
%OAuth2.Server.Authenticate acts as the superclass for all user-written Authenticate classes as well as being the default Authenticate class. The Authenticate class is used by the Authorization Endpoint at OAuth2.Server.Auth to authenticate the user. This class allows the customization of the authentication process. The following methods may be implemented to override the default in OAuth2.Server: DirectLogin, DisplayLogin and DisplayPermissions.
The scope argument to all of these methods is a %ArrayOfDatatypes where the keys are scope values and the values are the display form of the scope value.
The CSS style is defined in DrawStyle:
- loginForm is for DisplayLogin
- permissionForm is for DisplayPermissions
Customers can modify these CSS styles to tailor the desired look and feel.
Method Inventory
- AfterAuthenticate()
- BeforeAuthenticate()
- DelegatedAuthentication()
- DirectLogin()
- Display2FA()
- DisplayLogin()
- DisplayPermissions()
- Draw2FAHead()
- DrawAcceptHead()
- DrawFooter()
- DrawLoginHead()
- DrawStyle()
- GetLanguageList()
Parameters
parameter DOMAIN = %OAuth2Login;
Login page localization domain
Methods
classmethod AfterAuthenticate(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) as %Status
The AfterAuthenticate method of the Authenticate class is called after any authentication
is completed (including if the authentication is cookie based)
to allow the scope or properties associated with the request to be modified based on
scope values or request parameters.
AfterAuthenticate may add properties to the authentication HTTP response,
by adding them to properties.ResponseProperties.
classmethod BeforeAuthenticate(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) as %Status
The BeforeAuthenticate method of the Authenticate class is called before any authentication takes place
to allow the scope or claims associated with the request to be modified based on
scope values or request parameters.
classmethod DelegatedAuthentication(properties As %OAuth2.Server.Properties, localRedirectURL As %String, Output delegatedAuthenticationURL As %String) as %Status
DelegatedAuthentication can be used to redirect the flow of the authorization process to another authentication system, such as an OpenID Connect
Identity Provider. If it is not null, the resource owner will be redirected to delegatedAuthenticationURL.
localRedirectURL is a URL that the delegated authentication service should
redirect to after completion in order to reinsert the user back into the original authorization flow. This method
may set values of the properties.CustomProperties array that may be used in the ValidateDelegatedAuthentication method of the Validate class.
classmethod DirectLogin(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output username As %String, Output password As %String) as %Status
If DirectLogin chooses to do authentication by some means other than display of the user login form,
DirectLogin sets the username and password arguments which will later be used
to obtain the properties associated with the access token and to generate the token.
If username is set to $char(0), then the access_denied error will be returned.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument.
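An added example, not InterSystems code: a user-written Authenticate class that uses BeforeAuthenticate to trim the requested scopes to an allowlist and DirectLogin to return access_denied when nothing permitted remains. The class name Demo.OAuth2.Authenticate and the ALLOWEDSCOPES values are hypothetical, and the example assumes that scope changes made in BeforeAuthenticate are visible to DirectLogin.

```objectscript
/// Added example. Class name and allowlist are hypothetical.
Class Demo.OAuth2.Authenticate Extends %OAuth2.Server.Authenticate
{

/// Scopes this deployment is willing to grant (constructed sample values).
Parameter ALLOWEDSCOPES = "openid,profile,email";

/// Drop every requested scope that is not on the allowlist before the
/// user is shown a login or permissions form. Keys of the scope array
/// are the scope values; the stored values are their display forms.
ClassMethod BeforeAuthenticate(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) As %Status
{
    Set allowed = $ListFromString(..#ALLOWEDSCOPES, ",")
    Set key = scope.Next("")
    While key '= "" {
        // Fetch the successor first so removal cannot disturb iteration.
        Set next = scope.Next(key)
        If '$ListFind(allowed, key) {
            Do scope.RemoveAt(key)
        }
        Set key = next
    }
    Quit $$$OK
}

/// Keep the default behaviour, then refuse the request outright when the
/// allowlist filter left no scope to grant.
ClassMethod DirectLogin(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output username As %String, Output password As %String) As %Status
{
    Set sc = ##super(scope, properties, .username, .password)
    If $$$ISERR(sc) Quit sc
    If scope.Count() = 0 {
        // A username of $char(0) makes the server return access_denied.
        Set username = $Char(0), password = ""
    }
    Quit sc
}

}
```

Scope values are compared case-sensitively here, so the allowlist entries must match the registered scope names exactly.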
classmethod Display2FA(authorizationCode As %String, scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, loginCount As %Integer = 1) as %Status
Display2FA is responsible for writing out the HTML to display an HTML form to allow the user to perform
two factor authentication. The form should include a 2FAToken field and an AuthorizationCode hidden field.
The AuthorizationCode hidden field is inserted by Display2FA using the InsertHiddenField
method of %CSP.Page. The form will normally be submitted using a button named "Login". If it is submitted
with a button named "Accept", then the page will skip calling DisplayPermissions to authorize the scopes.
If this is done, the page should display the requested scopes prior to submitting.
If the form is submitted using a button named Cancel, then the authorization process will
terminate with an error return of access_denied.
loginCount is the integer count of which login attempt is taking place.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument.
classmethod DisplayLogin(authorizationCode As %String, scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, loginCount As %Integer = 1) as %Status
DisplayLogin is responsible for writing out the HTML to display the user login form.
The login form must contain a Username field, a Password field and an AuthorizationCode hidden field.
The AuthorizationCode hidden field is inserted by DisplayLogin using the InsertHiddenField
method of %CSP.Page. The form will normally be submitted using a button named "Login". If it is submitted
with a button named "Accept", then the page will skip calling DisplayPermissions to authorize the scopes.
If this is done, the page should display the requested scopes prior to submitting.
If the form is submitted using a button named Cancel, then the authorization process will
terminate with an error return of access_denied.
loginCount is the integer count of which login attempt is taking place.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument. In addition, any submitted values with name beginning with p_ (i.e. the element name begins with p_) will be copied to the properties.CustomProperties array with the p_ prefix removed from the name.
classmethod DisplayPermissions(authorizationCode As %String, scopeArray As %ArrayOfDataTypes, currentScopeArray As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) as %Status
DisplayPermissions is responsible for writing out the HTML to display the user accept permissions form.
The accept permissions form should display the already obtained scopes in display format based on currentScopeArray.
The accept permissions form should display the requested scopes in display format based on scopeArray.
The Authorization code hidden field is inserted by DisplayPermissions using the InsertHiddenField method of %CSP.Page. The form should be submitted using a button named "Accept". If the form is submitted using a button named Cancel, then the authorization process will terminate with an error return of access_denied.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument. In addition, any submitted values with name beginning with p_ (i.e. the element name begins with p_) will be copied to the properties.CustomProperties array with the p_ prefix removed from the name.
classmethod Draw2FAHead(TITLE2FA, MSGTOKEN)
classmethod DrawAcceptHead(ACCEPTHEADTITLE)
classmethod DrawLoginHead(LOGINHEADTITLE, MSGUSERNAME, MSGPASSWORD, MSGUSERNAMEPASSWORD)
classmethod DrawStyle()
classmethod GetLanguageList() as %List
The GetLanguageList method returns a comma-separated list of the languages that are supported
for the message domain used for this class.
This language list is returned as the ui_locales server metadata property.
Inherited Members
Inherited Methods
- %ClassIsLatestVersion()
- %ClassName()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %New()
- %OriginalNamespace()
- %PackageName()
- %SetModified()
- ConvertParameter()
- Decrypt()
- Encrypt()
- EscapeHTML()
- EscapeURL()
- HyperEventCall()
- HyperEventHead()
- Include()
- InsertHiddenField()
- InsertHiddenFields()
- IsPrivate()
- Link()
- OnHTTPHeader()
- OnPage()
- OnPageError()
- OnPostHTTP()
- OnPostHyperEvent()
- OnPreHTTP()
- OnPreHyperEvent()
- Page()
- QuoteJS()
- RewriteURL()
- ShowError()
- StartTimer()
- StopTimer()
- ThrowError()
- UnescapeHTML()
- UnescapeURL()