Open Exchange
Global Masters
Home / Class Reference / %SYS namespace / OAuth2.Server.AccessToken
Private  Storage   


persistent class OAuth2.Server.AccessToken extends

Access tokens are managed by the persistent class OAuth2.Server.AccessToken. OAuth2.Server.AccessToken stores the access token and related properties. This class is also the means of communication between the various parts of the authorization server. This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.


Parameters Properties Methods Queries Indices ForeignKeys Triggers
22 15 4


AccessToken AccessTokenExpires Aud AuthTime
AuthorizationCode AuthorizationCodeExpires ClientId GrantType
Hash IDToken Issuer Properties
RedirectURL RefreshToken RefreshTokenExpires ResponseMode
ResponseType Scope ScopeArray Stage
State Username

%AddToSaveSet %AddToSyncSet %BMEBuilt %BuildIndicesAsync
%BuildIndicesAsyncResponse %CheckConstraints %CheckConstraintsForExtent %ClassIsLatestVersion
%ClassName %ComposeOid %ConstructClone %Delete
%DeleteExtent %DeleteId %DispatchClassMethod %DispatchGetModified
%DispatchGetProperty %DispatchMethod %DispatchSetModified %DispatchSetMultidimProperty
%DispatchSetProperty %Exists %ExistsId %Extends
%GUID %GUIDSet %GetLock %GetParameter
%GetSwizzleObject %Id %InsertBatch %IsA
%IsModified %IsNull %KillExtent %KillExtentData
%LoadFromMemory %LockExtent %LockId %New
%NormalizeObject %ObjectIsNull %ObjectModified %Oid
%OnBeforeAddToSync %OnDetermineClass %Open %OpenId
%OriginalNamespace %PackageName %PhysicalAddress %PurgeIndices
%Reload %RemoveFromSaveSet %ResolveConcurrencyConflict %RollBack
%Save %SaveDirect %SaveIndices %SerializeObject
%SetModified %SortBegin %SortEnd %SyncObjectIn
%SyncTransport %UnlockExtent %UnlockId %ValidateIndices
%ValidateObject Delete OpenByCode OpenByIDToken
OpenByRefresh OpenByToken RevokeUser Save


• property AccessToken as %String(COLLATION="EXACT",MAXLEN=4096);
AccessToken is the access token as a string. The default access token is a random string. However, the access token is easily customized to have any structure required by the using application - for example a signed JWT.
• property AccessTokenExpires as %Integer;
AccessTokenExpires is the time in seconds from beginning of the Unix epoch when the access expires.
• property Aud as list of %String(MAXLEN=1024);
aud property from request which will be checked when validating token.
• property AuthTime as %Integer;
The time when the user was authenticated.
• property AuthorizationCode as %String(COLLATION="EXACT",MAXLEN=128) [ Required ];
AuthorizationCode is a random number which serves as the IDKey for this class and as the Authorization Code when required by the Authorization Code grant type. We use AuthorizationCode as the IDKey because it comes into existence first in the process of creating an access token
• property AuthorizationCodeExpires as %Integer;
AuthorizationCodeExpires is the time in seconds from the bginning of the Unix epoch when the Authorization code passed to the client expires for the Authorization Code grant type.
• property ClientId as %String(MAXLEN=1024);
ClientId is the client id for the client for which this token was issued.
• property GrantType as %String(VALUELIST=",A,I,P,C,J");
GrantType is the grant type that was used to create this access token: - "A" - Authorization Code - "I" - Implicit - "P" - Resource Owner Password Credentials - "C" - Client Credentials - "J" - JWT Authorization
• property Hash as %String(COLLATION="EXACT",MAXLEN=64);
SHA512 hash of the AccessToken to be used for indexing
• property IDToken as %String(MAXLEN=2048);
IDToken is the IDToken which is returned forf OpenID Connect requests
• property Issuer as %String(MAXLEN=1024);
The issuer of this access token.
• property Properties as %OAuth2.Server.Properties;
Properties is a %OAuth2.Server.Properties object that holds the various kinds of properties and claims that are used by the auhtorization server. The various classes which are involved in the authorization and authentication code flow use the properties argument (which is this token property) to communicate amongst themselves and with the authorization server.
See the definition of the %OAuth2.Server.Properties class for details about the propertyies and claims.
• property RedirectURL as %String(MAXLEN=1024);
The redirect used for the current token authorization
• property RefreshToken as %String(COLLATION="EXACT",MAXLEN=128);
RefreshToken is the refresh token as a random string that is used to refresh the access token.
• property RefreshTokenExpires as %Integer;
RefreshTokenExpires is the time in seconds from beginning of the Unix epoch when the refresh expires, or "" means does not expire.
• property ResponseMode as %String;
The response_mode of the access token request: query or fragment
• property ResponseType as %String;
The response_type of the access token request
• property Scope as %String(MAXLEN=1024);
Scope is a blank separated list of scopes that were used to issue this token.
• property ScopeArray as array of %String(MAXLEN=256);
An array of scopes and associated descriptions. This matches the scopes in the Scope property.
• property Stage as %String;
Stage reflects the stage of the authentication process and is used for error checking. Possible values of Stage: "new", "login:", "permission", "".
"" means process completed or not started.
in login: is the integer count of which login attempt is taking place.
• property State as %String(MAXLEN=1024);
State to be returned to requester in redirected response
• property Username as %String;
Username is the username specified and validated by during authentication. $char(0) means that authentication failed.


• method Delete() as %Status
Delete this access token
• classmethod OpenByCode(authorizationCode As %String, Output sc As %Status) as OAuth2.Server.AccessToken
Open the OAuth2.Server.AccessToken instance using AuthorizationCode.
• classmethod OpenByIDToken(IDToken As %String, Output sc As %Status) as OAuth2.Server.AccessToken
Open the OAuth2.Server.AccessToken instance using IDToken.
• classmethod OpenByRefresh(refreshToken As %String, Output sc As %Status) as OAuth2.Server.AccessToken
Open the OAuth2.Server.AccessToken instance using RefreshToken
• classmethod OpenByToken(accessToken As %String, Output sc As %Status) as OAuth2.Server.AccessToken
Open the OAuth2.Server.AccessToken instance using AccessToken.
• classmethod RevokeUser(username As %String, Output count As %Integer) as %Status
RevokeUser will delete all access tokens that are associated with the specified user. The count argument will be returned as the number of access tokens that were deleted.
• method Save() as %Status
Save this OAuth2.Server.AccessToken instance.


•index (AuthIndex on AuthorizationCode) [IdKey,Unique];
The IDKEY for the access token class.