persistent class OAuth2.AccessToken
OAuth2.AccessToken stores an OAuth 2.0 access token and its related information.
OAuth2.AccessToken is indexed by the combination of SessionId and ApplicationName.
Therefore, only one scope may be requested for each SessionId/ApplicationName.
If a second request is made with a different scope and access token has yet been granted,
the scope in the new request becomes the expected scope.
The access token
as %String(COLLATION="EXACT",MAXLEN=64,MINLEN=1) [ Required ];
This access token is linked to this client application.
Error object for error during authorization
The time when the token expires in seconds since December 31st, 1840 (i.e. since beginning of $h)
GrantType is the grant type that was used to create this access token:
- "A" - Authorization Code
- "I" - Implicit
- "P" - Resource Owner Password Credentials
- "C" - Client Credentials
- "J" - JWT Authorization
SHA512 hash of the AccessToken to be used for indexing
SHA512 hash of the IDToken to be used for indexing
Nonce for OpenID Connect request. This nonce must be included in the IDToken.
The refresh token that is returned by the authorization server or "".
The response_mode of the access token request: query or fragment
as array of %String(MAXLEN=2048);
ResponseProperties contains the response properties from the access token request
where the key is the property name and the value is the property value.
The response_type of the access token request
Blank separated list of scope names which this token supports
as %String(COLLATION="EXACT") [ Required ];
This access token is linked to the session whose id is here.
The base64 encoded random state associated with request to Authorization Server.
as %Boolean [ InitialExpression = 0 ];
If TemporarySession is true, then this access token object was created for a temproary session by %OAuth2.Login.
This object should not be deleted by the end session event handler.
The token type that is returned from the authorization server.
Clear the error.
Return if an error been set.
Check if this token is expired
Is this an OpenID authorization request? Find out by looking for openid scope.
classmethod Open(accessToken As %String, Output sc As %Status)
Open an OAuth2.AccessToken instance based on the AccessToken property
classmethod OpenByIDToken(IDToken As %String, Output sc As %Status)
Open an OAuth2.AccessToken instance based on the IDToken property
classmethod OpenForSession(applicationName As %String, sessionId As %String, Output sc As %Status)
Open an OAuth2.AccessToken instance based on the session and client application that it is linked to.
Remove this token from the client
method SetError(error As %OAuth2.Error)
Set the error.