persistent class OAuth2.Server.AccessToken
Access tokens are managed by the persistent class OAuth2.Server.AccessToken.
OAuth2.Server.AccessToken stores the access token and related properties.
This class is also the means of communication between the various parts of the authorization server.
This class is used internally by InterSystems IRIS. You should not make direct
use of it within your applications. There is no guarantee made about either
the behavior or future operation of this class.
AccessToken is the access token as a string. The default access token is a random string.
However, the access token is easily customized to have any structure required by the using
application - for example a signed JWT.
AccessTokenExpires is the time in seconds from beginning of the Unix epoch when the access expires.
as list of %String(MAXLEN=1024);
aud property from request which will be checked when validating token.
The time when the user was authenticated.
as %String(COLLATION="EXACT",MAXLEN=128) [ Required ];
AuthorizationCode is a random number which serves as the IDKey for this class and
as the Authorization Code when required by the Authorization Code grant type.
We use AuthorizationCode as the IDKey because it comes into existence first in the process of creating an access token
AuthorizationCodeExpires is the time in seconds from the bginning of the Unix epoch when the
Authorization code passed to the client expires for the Authorization Code grant type.
ClientId is the client id for the client for which this token was issued.
GrantType is the grant type that was used to create this access token:
- "A" - Authorization Code
- "I" - Implicit
- "P" - Resource Owner Password Credentials
- "C" - Client Credentials
- "J" - JWT Authorization
SHA512 hash of the AccessToken to be used for indexing
IDToken is the IDToken which is returned forf OpenID Connect requests
The issuer of this access token.
Properties is a %OAuth2.Server.Properties object that holds the various kinds of properties
and claims that are used by the auhtorization server.
The various classes which are involved in the authorization and authentication code flow
use the properties argument (which is this token property) to communicate amongst
themselves and with the authorization server.
See the definition of the %OAuth2.Server.Properties class for details about the propertyies and claims.
The redirect used for the current token authorization
RefreshToken is the refresh token as a random string that is used to refresh the access token.
RefreshTokenExpires is the time in seconds from beginning of the Unix epoch when
the refresh expires, or "" means does not expire.
The response_mode of the access token request: query or fragment
The response_type of the access token request
Scope is a blank separated list of scopes that were used to issue this token.
as array of %String(MAXLEN=256);
An array of scopes and associated descriptions. This matches the scopes in the Scope property.
Stage reflects the stage of the authentication process and is used for error checking.
Possible values of Stage: "new", "login:", "permission", "".
"" means process completed or not started.
in login: is the integer count of which login attempt is taking place.
State to be returned to requester in redirected response
Username is the username specified and validated by during authentication.
$char(0) means that authentication failed.
Delete this access token
classmethod OpenByCode(authorizationCode As %String, Output sc As %Status)
Open the OAuth2.Server.AccessToken instance using AuthorizationCode.
classmethod OpenByIDToken(IDToken As %String, Output sc As %Status)
Open the OAuth2.Server.AccessToken instance using IDToken.
classmethod OpenByRefresh(refreshToken As %String, Output sc As %Status)
Open the OAuth2.Server.AccessToken instance using RefreshToken
classmethod OpenByToken(accessToken As %String, Output sc As %Status)
Open the OAuth2.Server.AccessToken instance using AccessToken.
classmethod RevokeUser(username As %String, Output count As %Integer)
RevokeUser will delete all access tokens that are associated with the specified user.
The count argument will be returned as the number of access tokens that were deleted.
Save this OAuth2.Server.AccessToken instance.
index (AuthIndex on AuthorizationCode) [IdKey,Unique];
The IDKEY for the access token class.