Class Reference
IRIS for UNIX 2019.2

persistent class OAuth2.Client extends %Persistent

The OAuth2.Application class describes an OAuth2 client and references the Authorization server that it uses to authorize the application based on RFC 6749. A client system may be used with multiple authorization servers for different applications.

Inventory

Parameters: -
Properties: 22
Methods: 22
Queries: 2
Indices: 1
ForeignKeys: -
Triggers: -


Summary

Properties
%Concurrency ApplicationName AuthenticationType ClientCredentials
ClientId ClientPassword ClientSecret ClientType
DefaultScope Description Enabled EncryptionAlgorithm
JWKSFromCredentials JWTInterval KeyAlgorithm Metadata
PrivateJWKS PublicJWKS RedirectionEndpoint RemotePublicJWKS
SSLConfiguration ServerDefinition SigningAlgorithm

Methods
%%OIDGet %1Check %AddJrnObjToSyncSet %AddToSaveSet
%AddToSyncSet %BMEBuilt %BindExport %BuildIndices
%BuildIndicesSegment %BuildObjectGraph %CheckConstraints %CheckConstraintsForExtent
%ClassIsLatestVersion %ClassName %Close %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %DowngradeConcurrency
%ExecuteAfterTriggers %ExecuteBeforeTriggers %Exists %ExistsId
%Extends %FileIndices %FileIndicesBuffered %GUID
%GUIDSet %GetLock %GetParameter %GetSwizzleObject
%Id %IncrementCount %InsertBatch %IsA
%IsModified %IsNull %JournalObject %KillExtent
%KillExtentData %LoadFromMemory %LockExtent %LockId
%New %NormalizeObject %ObjectIsNull %ObjectModified
%Oid %OnBeforeAddToSync %OnDelete %OnDetermineClass
%Open %OpenId %OriginalNamespace %PackageName
%PhysicalAddress %PurgeIndices %Reload %RemoveFromSaveSet
%ResolveConcurrencyConflict %RollBack %SQLAcquireLock %SQLAcquireTableLock
%SQLAfterTriggers %SQLBeforeTriggers %SQLBuildIndices %SQLBuildPurgeIndexForRow
%SQLBuildPurgeIndices %SQLCheckUnique %SQLCheckUniqueIndices %SQLCheckUniqueKeys
%SQLCopyIcolIntoName %SQLCopyNameIntoIcol %SQLCreateInsDelTables %SQLDefineiDjVars
%SQLDelete %SQLDeleteChildren %SQLDeleteTempStreams %SQLEExit
%SQLExists %SQLFKeyDelLock %SQLFastInsert %SQLFieldValidate
%SQLGetLock %SQLGetOld %SQLGetOldAll %SQLGetOldIndex
%SQLInsert %SQLInsertComputes %SQLInsertStreams %SQLInvalid
%SQLInvalid2 %SQLMVDelete %SQLMVIndexDelete %SQLMVIndexInsert
%SQLMVIndexUpdate %SQLMVInsert %SQLMVUpdate %SQLMissing
%SQLNormalizeCompFields %SQLNormalizeFields %SQLPurgeIndices %SQLQuickBulkInsert
%SQLQuickBulkLoad %SQLQuickBulkSave %SQLQuickBulkUpdate %SQLQuickDelete
%SQLQuickDeleteChildren %SQLQuickFindPKeyByRowID %SQLQuickFindRowIDByPKey %SQLQuickInsert
%SQLQuickLoad %SQLQuickLoadChildren %SQLQuickLogicalToOdbc %SQLQuickOdbcToLogical
%SQLQuickUpdate %SQLReleaseLock %SQLReleaseTableLock %SQLStorageValidation
%SQLTrigDelTab %SQLTrigInsTab %SQLUnlock %SQLUnlock2
%SQLUnlockError %SQLUnlockRef %SQLUpdate %SQLUpdateComputes
%SQLUpdateStreams %SQLValidateCompFields %SQLValidateFields %SQLicompView
%SQLnBuild %Save %SaveDirect %SaveIndices
%SerializeObject %SetModified %SortBegin %SortEnd
%SyncObjectIn %SyncTransport %UnlockExtent %UnlockId
%UpgradeConcurrency %ValidateIndices %ValidateObject AuthenticationTypeGet
AuthenticationTypeSet DeleteId EncryptionAlgorithmGet EncryptionAlgorithmSet
GetReturnedMetadata JWTIntervalGet KeyAlgorithmGet KeyAlgorithmSet
Open ReadClient RegisterClient RotateKeys
SigningAlgorithmGet SigningAlgorithmSet UpdateMetadata Upgrade


Properties

• property ApplicationName as %String(MAXLEN=64,MINLEN=1) [ Required ];
The ApplicationName identifies this application (client + authorization server) configuration.
Chosen by user during configuration.
• property AuthenticationType as %String(VALUELIST=",none,basic,body,client_secret_jwt,private_key_jwt") [ InitialExpression = "basic" ];
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
The type of authentication (as specified in RFC 6749 or OpenID Connect Core section 9) to be used for HTTP requests to the authorization server.
• property ClientCredentials as %String;
ClientCredentials is the alias of the %SYS.X509Credentials object which contains the client's certificate and private key.
• property ClientId as %String(MAXLEN=1024);
The client id that is supplied during client registration.
Required for all ClientTypes.
• property ClientPassword as %String(MAXLEN=128);
ClientPassword is the password for the private key in ClientCredentials, if the password is not stored in the %SYS.X509Credentials object.
• property ClientSecret as %String(MAXLEN=1024);
The client secret that is supplied during client registration.
Required if ClientType is confidential or resource server.
• property ClientType as %String(VALUELIST=",public,confidential,resource") [ Required ];
The type of client configuration:
public - a public client. See RFC 6749.
confidential - a confidential client. See RFC 6749.
resource - a resource server which is not also a client.
Chosen by user during configuration. Will usually be confidential client for an InterSystems IRIS application.
• property DefaultScope as %String(MAXLEN=1024);
The default scope, as a blank separated list, for access token requests.
Chosen by user during configuration.
• property Description as %String(MAXLEN=256);
Description of the application.
Chosen by user during configuration.
• property Enabled as %Boolean [ InitialExpression = 1,Required ];
True if client application is enabled.
Chosen by user during configuration.
• property EncryptionAlgorithm as %String(VALUELIST=",A128CBC-HS256,A192CBC-HS384,A256CBC-HS512");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
EncryptionAlgorithm specifies the encryption algorithm used to create JWEs or "" if JWTs are not to be encrypted. See %OAuth2.JWT for the list of supported algorithms. If EncryptionAlgorithm is specified, KeyAlgorithm must also be specified.
• property JWKSFromCredentials as %Boolean [ InitialExpression = 0 ];
JWKSFromCredentials is true if the JWKSs were created from ClientCredentials.
This property should never be set directly for configuration.
• property JWTInterval as %Integer [ InitialExpression = 60 ];
JWTInterval is the lifetime in seconds of the JWT used for the client_secret_jwt and private_key_jwt authentication types; the JWT expires after this interval. The default is 1 minute. There should be no need to change the default, since this JWT may only be used once.
• property KeyAlgorithm as %String(VALUELIST=",RSA1_5,RSA-OAEP");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
KeyAlgorithm specifies the key management algorithm used to create JWEs or "" if JWTs are not to be encrypted. See %OAuth2.JWT for the list of supported algorithms. If KeyAlgorithm is specified, EncryptionAlgorithm must also be specified.
• property Metadata as OAuth2.Client.Metadata;
The meta data which describes this client.
• property PrivateJWKS as %String(MAXLEN="");
PrivateJWKS is the JWKS which contains the private asymmetric keys for this client. If ClientCredentials is specified, then PrivateJWKS is created using the public/private key pair specified by these credentials. Otherwise, the private/public key pairs are generated.
This property should never be set directly for configuration.
• property PublicJWKS as %String(MAXLEN="");
PublicJWKS is the JWKS which contains the public asymmetric keys for this client which are to be made available via the jwks_uri metadata property. If ClientCredentials is specified, then PublicJWKS is created along with PrivateJWKS using the public/private key pair specified by these credentials. Otherwise, the private/public key pairs are generated.
This property should never be set directly for configuration.
• property RedirectionEndpoint as OAuth2.Endpoint;
The endpoint object for the URL to be used by the authorization server to return the response to an authorization request.
Required if ClientType is public or confidential. Chosen by user during configuration.
• property RemotePublicJWKS as %String(MAXLEN="");
RemotePublicJWKS is the JWKS which contains the public asymmetric keys for the authorization server (from OAuth2.ServerDefinition PublicJWKS) with client_secret added as symmetric keys.
This property should never be set directly for configuration.
• property SSLConfiguration as %String(MAXLEN=64,MINLEN=1) [ Required ];
The name of the activated TLS/SSL configuration to use for authorization server requests.
Chosen by user during configuration.
• relationship ServerDefinition as OAuth2.ServerDefinition [ Inverse = Clients,Cardinality = one ];
ServerDefinition is the reference to the OAuth2.ServerDefinition object which describes the authorization server to be used for this client.
• property SigningAlgorithm as %String(VALUELIST=",RS256,RS384,RS512");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
SigningAlgorithm specifies the signing algorithm used to create JWSs or "" if JWTs are not to be signed. See %OAuth2.JWT for the list of supported algorithms.

Methods

• private method %OnAddToSaveSet(depth As %Integer = 3, insert As %Integer = 0, callcount As %Integer = 0) as %Status
This callback method is invoked when the current object is added to the SaveSet, either because %Save() was invoked on this object or on an object that references this object. %OnAddToSaveSet can modify the current object. It can also add other objects to the current SaveSet by invoking %AddToSaveSet or remove objects by calling %RemoveFromSaveSet.

If this method returns an error status then %Save() will fail and the transaction will be rolled back.

• private method %OnBeforeSave(insert As %Boolean) as %Status
This callback method is invoked by the %Save method to provide notification that the object is being saved. It is called before any data is written to disk.

insert will be set to 1 if this object is being saved for the first time.

If this method returns an error then the call to %Save will fail.

• classmethod %OnDelete(oid As %ObjectIdentity) as %Status
This callback method is invoked by the %Delete method to provide notification that the object specified by oid is being deleted.

If this method returns an error then the object will not be deleted. [Previously private]

• private method %OnNew() as %Status
Get a new OAuth2.Client instance.
• private method %OnValidateObject() as %Status
This callback method is invoked by the %ValidateObject method to provide notification that the current object is being validated.

If this method returns an error then %ValidateObject will fail.

• method AuthenticationTypeGet() as %String
Get value from metadata for compatibility
• method AuthenticationTypeSet(authenticationType As %String) as %Status
Store value in metadata for compatibility
• classmethod DeleteId(id As %String) as %Status
Delete this client configuration.
• method EncryptionAlgorithmGet() as %String
No value for kinds of JWTs
• method EncryptionAlgorithmSet(encryptionAlgorithm As %String) as %Status
Store value in metadata for compatibility
• method GetReturnedMetadata()
Update the client configuration based on the metadata response returned during dynamic registration.
• method JWTIntervalGet() as %Integer
Use a getter method to force default value for existing client configurations.
• method KeyAlgorithmGet() as %String
No value for kinds of JWTs
• method KeyAlgorithmSet(keyAlgorithm As %String) as %Status
Store value in metadata for compatibility
• classmethod Open(applicationName As %String, Output sc As %Status) as OAuth2.Client
Open an OAuth2.Client instance based on the applicationName ID property.
• method ReadClient() as %Status
Read the client metadata for this client using OpenID Connect Dynamic Client Registration. If successful, this client instance will be updated based on the registration.
• method RegisterClient() as %Status
Register this client using OpenID Connect Dynamic Client Registration. If successful, this client instance will be updated based on the registration.
• method RotateKeys() as %Status
Rotate the client's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS. At this time, all private keys are kept. In the future only a limited set of private keys will be kept.
• method SigningAlgorithmGet() as %String
No value for kinds of JWTs
• method SigningAlgorithmSet(signingAlgorithm As %String) as %Status
Store value in metadata for compatibility
• method UpdateMetadata() as %Status
Update the client metadata. This method is called before creating the JSON string needed for dynamic client registration to update the metadata properties which can be changed after compile time.
• method Upgrade() as %Status
Upgrade an OAuth2.Client instance created before dynamic client support was introduced.

Queries

• query List()
SQL Query :
SELECT ApplicationName, ClientType, DefaultScope FROM Client
ORDER BY ApplicationName
List client applications for SMP page
• query ListForServer(serverID As %String)
SQL Query :
SELECT ApplicationName, ClientType, DefaultScope FROM Client
WHERE ServerDefinition->ID=:serverID
ORDER BY ApplicationName
List client applications that use the specified server

Indices

• index (IDIndex on ApplicationName) [IdKey,Unique];
The IDKEY for the application class.


Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.