Class Reference
IRIS for UNIX 2019.2
InterSystems: The power behind what matters   
Documentation  Search
  [%SYS] >  [OAuth2] >  [Client]
Private  Storage   

persistent class OAuth2.Client extends %Persistent

The OAuth2.Application class describes an OAuth2 client and references the Authorization server that it uses to authorize the application based on RFC 6749. A client system may be used with multiple authorization servers for different applications.

Inventory

Parameters Properties Methods Queries Indices ForeignKeys Triggers
22 22 2 1


Summary

Properties
ApplicationName AuthenticationType ClientCredentials ClientId
ClientPassword ClientSecret ClientType DefaultScope
Description Enabled EncryptionAlgorithm JWTInterval
KeyAlgorithm Metadata RedirectionEndpoint SSLConfiguration
ServerDefinition SigningAlgorithm

Methods
%AddToSaveSet %AddToSyncSet %BMEBuilt %CheckConstraints
%CheckConstraintsForExtent %ClassIsLatestVersion %ClassName %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %Exists
%ExistsId %Extends %GUID %GUIDSet
%GetLock %GetParameter %GetSwizzleObject %Id
%InsertBatch %IsA %IsModified %IsNull
%KillExtent %KillExtentData %LoadFromMemory %LockExtent
%LockId %New %NormalizeObject %ObjectIsNull
%ObjectModified %Oid %OnBeforeAddToSync %OnDetermineClass
%Open %OpenId %OriginalNamespace %PackageName
%PhysicalAddress %PurgeIndices %Reload %RemoveFromSaveSet
%ResolveConcurrencyConflict %RollBack %Save %SaveDirect
%SaveIndices %SerializeObject %SetModified %SortBegin
%SortEnd %SyncObjectIn %SyncTransport %UnlockExtent
%UnlockId %ValidateIndices %ValidateObject DeleteId
Open RotateKeys


Properties

• property ApplicationName as %String(MAXLEN=64,MINLEN=1) [ Required ];
The ApplicationName identifies this application (clien + authorization server) configuration.
Chosen by user during configuration.
• property AuthenticationType as %String(VALUELIST=",none,basic,body,client_secret_jwt,private_key_jwt") [ InitialExpression = "basic" ];
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
The type of authentication (as specified in RFC 6749 or OpenID Connect Core section 9) to be used for HTTP requests to the authorization server.
• property ClientCredentials as %String;
ClientCredentials is the alias of the %SYS.X509Credentials object which contains the client's certificate and private key.
• property ClientId as %String(MAXLEN=1024);
The client id that is supplied during client registration.
Required for all ClientTypes.
• property ClientPassword as %String(MAXLEN=128);
ClientPassword is the password for the private key in ClientCredentials if the password is not in the %SYS.X5009Credentials object
• property ClientSecret as %String(MAXLEN=1024);
The client secret that is supplied during client registration.
Required if ClientType is confidential or resource server.
• property ClientType as %String(VALUELIST=",public,confidential,resource") [ Required ];
The type of client configuration:
public - a public client. See RFC 6749 confidential - a confidential client. See RFC 6749 resource - a resource server which is not also a client.
Chosen by user during configuration. Will usually be confidential client for an InterSystems IRIS application.
• property DefaultScope as %String(MAXLEN=1024);
The default scope, as a blank separated list, for access token requests.
Chosen by user during configuration.
• property Description as %String(MAXLEN=256);
Description of the application.
Chosen by user during configuration.
• property Enabled as %Boolean [ InitialExpression = 1,Required ];
True if client application is enabled.
Chosen by user during configuration.
• property EncryptionAlgorithm as %String(VALUELIST=",A128CBC-HS256,A192CBC-HS384,A256CBC-HS512");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
EncryptionAlgorithm specifies the encryption algorithm used to create JWEs or "" if JWTs are not to be encrypted. See %OAuth2.JWT for the list of supported algorithms. If EncryptionAlgorithm is specified, KeyAlgorithm must also be specified.
• property JWTInterval as %Integer [ InitialExpression = 60 ];
JWTInterval is the interval in seconds after which a JWT expires which is used for client_secret_jwt or private_key_jwt authentication types. The default is 1 minute. There should be no need to change the default since this JWT may only be used once.
• property KeyAlgorithm as %String(VALUELIST=",RSA1_5,RSA-OAEP");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
KeyAlgorithm specifies the key management algorithm used to create JWEs or "" if JWTs are not to be encrypted. See %OAuth2.JWT for the list of supported algorithms. If KeyAlgorithm is specified, EncryptionAlgorithm must also be specified.
• property Metadata as OAuth2.Client.Metadata;
The meta data which describes this client.
• property RedirectionEndpoint as OAuth2.Endpoint;
The endpoint object for the URL to be used by the authorization server to return the response to an authorization request.
Required if ClientType is public or confidential, Chosen by user during configuration.
• property SSLConfiguration as %String(MAXLEN=64,MINLEN=1) [ Required ];
The name of the activated TLS/SSL configuration to use for authorization server requests.
Chosen by user during configuration.
• relationship ServerDefinition as OAuth2.ServerDefinition [ Inverse = Clients,Cardinality = one ];
ServerDefinition is the reference to the OAuth2.ServerDefinition object which describes the authorization server to be used for this client.
• property SigningAlgorithm as %String(VALUELIST=",RS256,RS384,RS512");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
SigningAlgorithm specifies the signing algorithm used to create JWSs or "" if JWTs are not to be signed. See %OAuth2.JWT for the list of supported algorithms.

Methods

• classmethod DeleteId(id As %String) as %Status
Delete this client configuration.
• classmethod Open(applicationName As %String, Output sc As %Status) as OAuth2.Client
Open an OAuth2.Client instance based on the applicationName ID property
• method RotateKeys() as %Status
Rotate the client's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS. At this time, all private keys are kept. In the future only a limited set of private keys will be kept.

Queries

• query List()
SQL Query :
SELECT ApplicationName, ClientType, DefaultScope FROM Client
ORDER BY ApplicationName
List client applications for SMP page
• query ListForServer(serverID As %String)
SQL Query :
SELECT ApplicationName, ClientType, DefaultScope FROM Client
WHERE ServerDefinition->ID=:serverID
ORDER BY ApplicationName
List client applications that use the sppecified server

Indices

•index (IDIndex on ApplicationName) [IdKey,Unique];
The IDKEY for the application class.


Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.