Skip to main content

%OAuth2.JWT

deprecated class %OAuth2.JWT extends %Library.RegisteredObject

Method Inventory

Methods

deprecated classmethod GetJWK(JWKS As %DynamicObject, Alg As %String, Kid As %String) as %DynamicObject
This method is deprecated. Use the GetJWK method in %Net.JSON.JWKS instead.
deprecated classmethod JWTToObject(JWT As %String, LocalPrivate As %String = "", RemotePublic As %String = "", Output JOSE As %String, Output Body As %DynamicObject, Output Header As %DynamicObject, AcceptUnsecured As %Boolean = 0) as %Status
This method processes a JSON Web Token (JWT), performing decryption and/or signature verification operations as required.

Input parameters:

JWT - JSON Web Token

LocalPrivate - Local Private JWKS
RemotePublic - Remote Public JWKS
Output parameters:

JOSE - Output Array of Strings containing the algorithms used for Signature and/or Encryption operations performed on the JWT.
JOSE("sigalg") - Signature or MAC algorithm
JOSE("keyalg") - Key management algorithm
JOSE("encalg") - Content encryption algorithm

Body - Output Object representation of the claims contained in the JWT
Header - Output Object representation of the JWT header
AcceptUnsecured - Boolean value indicating whether to consider a JWT signed with "alg":"none" as valid. Default is false (0).
This method is deprecated. Use the Validate method in %Net.JSON.JWT instead.
deprecated classmethod ObjectToJWT(ByRef JOSE As %String, Body As %DynamicObject, LocalPrivate As %String = "", RemotePublic As %String = "", Output JWT As %String) as %Status
This method generates a JSON Web Token (JWT), performing signature and/or encryption operations as requested.

Input parameters:

JOSE - Array of Strings used to specify the JSON Object Signature and/or Encryption operations to be performed on the JWT

For JSON Web Signature (JWS):

JOSE("sigalg") - Signature or MAC algorithm, supported options:
"HS256", HMAC with SHA-256
"HS384", HMAC with SHA-384
"HS512", HMAC with SHA-512
"RS256", RSASSA-PKCS1-V1_5 using SHA-256
"RS384", RSASSA-PKCS1-V1_5 using SHA-384
"RS512", RSASSA-PKCS1-V1_5 using SHA-512
"ES256", ECDSA using P-256 and SHA-256
"ES384", ECDSA using P-384 and SHA-384
"ES512", ECDSA using P-521 and SHA-512

For JSON Web Encryption (JWE):

JOSE("keyalg") - Key management algorithm, supported options:
"RSA1_5", Encryption with RSAES-PKCS1-V1_5
"RSA-OAEP", Encryption with RSAES-OAEP

JOSE("encalg") - Content encryption algorithm, supported options:
"A128CBC-HS256", 128-bit AES in CBC mode with HMAC SHA-256
"A192CBC-HS384", 192-bit AES in CBC mode with HMAC SHA-384
"A256CBC-HS512", 256-bit AES in CBC mode with HMAC SHA-512

Note, JOSE("keyalg") and JOSE("encalg") must both be specified or null.

If JWS and JWE are both specified the JWT will be signed, then encrypted.

JOSE("jku") - If defined, the JWK Url will be included in the JOSE header.
The relevant URL value must be included in JOSE("jku_local") or JOSE("jku_remote").

JOSE("jwk") - If defined, the JWK public key will be included in the JOSE header.
If performing a signature, the local public JWKS must be included in the JOSE("jwks_local")

Body - Object representation of the Claims contained in the JWT

LocalPrivate - Local Private JWKS

RemotePublic - Remote Public JWKS
Output parameter:

JWT - JSON Web Token
This method is deprecated. Use the Create method in %Net.JSON.JWT instead.

Inherited Members

Inherited Methods

FeedbackOpens in a new tab