Class Reference
IRIS for UNIX 2019.2
InterSystems: The power behind what matters   
Documentation  Search
  [%SYS] >  [OAuth2] >  [AccessToken]
Private  Storage   

persistent class OAuth2.AccessToken extends %Persistent

OAuth2.AccessToken stores an OAuth 2.0 access token and its related information.
OAuth2.AccessToken is indexed by the combination of SessionId and ApplicationName. Therefore, only one scope may be requested for each SessionId/ApplicationName. If a second request is made with a different scope and access token has yet been granted, the scope in the new request becomes the expected scope.


Parameters Properties Methods Queries Indices ForeignKeys Triggers
19 14


AccessToken ApplicationName Error Expires
GrantType Hash IDHash IDToken
Nonce RefreshToken ResponseMode ResponseProperties
ResponseType Scope SessionId State
TemporarySession TokenType

%AddToSaveSet %AddToSyncSet %BMEBuilt %CheckConstraints
%CheckConstraintsForExtent %ClassIsLatestVersion %ClassName %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %Exists
%ExistsId %Extends %GUID %GUIDSet
%GetLock %GetParameter %GetSwizzleObject %Id
%InsertBatch %IsA %IsModified %IsNull
%KillExtent %KillExtentData %LoadFromMemory %LockExtent
%LockId %New %NormalizeObject %ObjectIsNull
%ObjectModified %Oid %OnBeforeAddToSync %OnDetermineClass
%Open %OpenId %OriginalNamespace %PackageName
%PhysicalAddress %PurgeIndices %Reload %RemoveFromSaveSet
%ResolveConcurrencyConflict %RollBack %Save %SaveDirect
%SaveIndices %SerializeObject %SetModified %SortBegin
%SortEnd %SyncObjectIn %SyncTransport %UnlockExtent
%UnlockId %ValidateIndices %ValidateObject ClearError
IsError IsExpired IsOpenID Open
OpenByIDToken OpenForSession Remove SetError


• property AccessToken as %String(COLLATION="EXACT",MAXLEN=2048);
The access token
• property ApplicationName as %String(COLLATION="EXACT",MAXLEN=64,MINLEN=1) [ Required ];
This access token is linked to this client application.
• property Error as %OAuth2.Error;
Error object for error during authorization
• property Expires as %Integer;
The time when the token expires in seconds since December 31st, 1840 (i.e. since beginning of $h)
• property GrantType as %String(VALUELIST=",A,I,P,C,J");
GrantType is the grant type that was used to create this access token: - "A" - Authorization Code - "I" - Implicit - "P" - Resource Owner Password Credentials - "C" - Client Credentials - "J" - JWT Authorization
• property Hash as %String(COLLATION="EXACT",MAXLEN=64);
SHA512 hash of the AccessToken to be used for indexing
• property IDHash as %String(COLLATION="EXACT",MAXLEN=64);
SHA512 hash of the IDToken to be used for indexing
• property IDToken as %String(COLLATION="EXACT",MAXLEN=2048);
The IDToken
• property Nonce as %String;
Nonce for OpenID Connect request. This nonce must be included in the IDToken.
• property RefreshToken as %String(MAXLEN=1024);
The refresh token that is returned by the authorization server or "".
• property ResponseMode as %String;
The response_mode of the access token request: query or fragment
• property ResponseProperties as array of %String(MAXLEN=2048);
ResponseProperties contains the response properties from the access token request where the key is the property name and the value is the property value.
• property ResponseType as %String;
The response_type of the access token request
• property Scope as %String(MAXLEN=1024);
Blank separated list of scope names which this token supports
• property SessionId as %String(COLLATION="EXACT") [ Required ];
This access token is linked to the session whose id is here.
• property State as %String(COLLATION="EXACT",MAXLEN=1024);
The base64 encoded random state associated with request to Authorization Server.
• property TemporarySession as %Boolean [ InitialExpression = 0 ];
If TemporarySession is true, then this access token object was created for a temproary session by %OAuth2.Login. This object should not be deleted by the end session event handler.
• property TokenType as %String;
The token type that is returned from the authorization server.


• method ClearError()
Clear the error.
• method IsError() as %Boolean
Return if an error been set.
• method IsExpired() as %Boolean
Check if this token is expired
• method IsOpenID() as %Boolean
Is this an OpenID authorization request? Find out by looking for openid scope.
• classmethod Open(accessToken As %String, Output sc As %Status) as OAuth2.AccessToken
Open an OAuth2.AccessToken instance based on the AccessToken property
• classmethod OpenByIDToken(IDToken As %String, Output sc As %Status) as OAuth2.AccessToken
Open an OAuth2.AccessToken instance based on the IDToken property
• classmethod OpenForSession(applicationName As %String, sessionId As %String, Output sc As %Status) as OAuth2.AccessToken
Open an OAuth2.AccessToken instance based on the session and client application that it is linked to.
• method Remove() as %Status
Remove this token from the client
• method SetError(error As %OAuth2.Error)
Set the error.

Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.