Skip to main content

%OAuth2.Server.Authenticate

class %OAuth2.Server.Authenticate extends %CSP.Page

%OAuth2.Server.Authenticate acts as the subclass for all user written Authenticate classes as well as being the default Authenticate class. The Authenticate class is used by Authorization Endpoint at OAuth2.Server.Auth to authenticate the user. This class allows the customization of the authentication process.
The following methods may be implemented to override the default in OAuth2.Server: DirectLogin, DisplayLogin and DisplayPermissions.
The scope argument to all of these methods is a %ArrayOfDatatypes where the keys are scope values and the values are the display form of the scope value.
The CSS style is defined in DrawStyle.
loginForm is for DisplayLogin
permissionForm is for DisplayPermissions
Customer can modify these CSS to tailor desired look and feel.

Method Inventory

Parameters

parameter DOMAIN = %OAuth2Login;
Login page localization domain

Methods

classmethod AfterAuthenticate(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) as %Status
The AfterAuthenticate method of the Authenticate class is called after any authentication is completed (including if the authentication is cookie based) to allow the scope or properties associated with the request to be modified based on scope values or request parameters. AfterAuthenticate may add properties to the authentication HTTP response, by adding them to properties.ResponseProperties.
classmethod BeforeAuthenticate(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) as %Status
The BeforeAuthenticate method of the Authenticate class is called before any authentication takes place to allow the scope or claims associated with the request to be modified based on scope values or request parameters.
classmethod DelegatedAuthentication(properties As %OAuth2.Server.Properties, localRedirectURL As %String, Output delegatedAuthenticationURL As %String) as %Status
DelegatedAuthentication can be used to redirect the flow of the authorization process to another authentication system, such as an OpenID Connect Identity Provider. If it is not null, the resource owner will be redirected to delegatedAuthenticationURL. localRedirectURL is a URL that the delegated authentication service should redirect to after completion in order to reinsert the user back into the original authorization flow. This method may set values of the properties.CustomProperties array that may be used in the ValidateDelegatedAuthentication method of the Validate class.
classmethod DirectLogin(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output username As %String, Output password As %String) as %Status
If DirectLogin chooses to do authentication by some means other than display of the user login form, DirectLogin sets the username and password arguments which will later be used to obtain the properties associated with the access token and to generate the token. If username is set to $char(0), then the access_denied error will be returned.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument.
classmethod Display2FA(authorizationCode As %String, scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, loginCount As %Integer = 1) as %Status
Display2fa is responsible for writing out the HTML to display an HTML form to allow the user to perform two factor authentication.The form should include a 2FAToken field and an AuthorizationCode hidden field. The Authorization code hidden field is inserted by Display2fa using the InsertHiddenField method of %CSP.Page. The form will normally be submitted using a button named "Login". If it is submitted with a button named "Accept", then the page will skip calling DisplayPermissions to authorize the scopes. If this done, the page should display the requested scopes prior to submitting. If the form is submitted using a button named Cancel, then the authorization process will terminate with an error return of access_denied.
loginCount is the integer count of which login attempt is taking place.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument.
classmethod DisplayLogin(authorizationCode As %String, scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, loginCount As %Integer = 1) as %Status
DisplayLogin is responsible for writing out the HTML to display the user login form. The login form must contain a Username field, a Password field and an AuthorizationCode hidden field. The Authorization code hidden field is inserted by DisplayLogin using the InsertHiddenField method of %CSP.Page. The form will normally be submitted using a button named "Login". If it is submitted with a button named "Accept", then the page will skip calling DisplayPermissions to authorize the scopes. If this done, the page should display the requested scopes prior to submitting. If the form is submitted using a button named Cancel, then the authorization process will terminate with an error return of access_denied.
loginCount is the integer count of which login attempt is taking place.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument. In addition, any submitted values with name beginning with p_ (i.e. the element name begins with p_) will be copied to the properties.CustomProperties array with the p_ prefix removed from the name.
classmethod DisplayPermissions(authorizationCode As %String, scopeArray As %ArrayOfDataTypes, currentScopeArray As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties) as %Status
DisplayPermissions is responsible for writing out the HTML to display the user accept permissions form.
The accept permissions form should display the already obtained scopes in display format based on currentScopeArray.
The accept permissions form should display the requested scopes in display format based on scopeArray.
The Authorization code hidden field is inserted by DisplayPermissions using the InsertHiddenField method of %CSP.Page. The form should be submitted using a button named "Accept". If the form is submitted using a button named Cancel, then the authorization process will terminate with an error return of access_denied.
This method may directly look at the request properties and set properties for GenerateAccessToken using the properties array argument. In addition, any submitted values with name beginning with p_ (i.e. the element name begins with p_) will be copied to the properties.CustomProperties array with the p_ prefix removed from the name.
classmethod Draw2FAHead(TITLE2FA, MSGTOKEN)
classmethod DrawAcceptHead(ACCEPTHEADTITLE)
classmethod DrawFooter()
classmethod DrawLoginHead(LOGINHEADTITLE, MSGUSERNAME, MSGPASSWORD, MSGUSERNAMEPASSWORD)
classmethod DrawStyle()
classmethod GetLanguageList() as %List
The GetLanguageList method returns a comma separated list of the languages that are supported for the message domain used for this class. This language list is returned as the ui_locales server metadata property.

Inherited Members

Inherited Methods

FeedbackOpens in a new tab