

class OAuth2.Server.Auth extends

The authorization server supports the authorization control flow for the Authorization Code and Implicit grant types as specified in RFC 6749. The OAuth2.Server.Auth class is a subclass of %CSP.Page which acts as the Authorization Endpoint and controls the flow in accordance with RFC 6749. This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.


Parameters: 1
Methods: 42


%ClassIsLatestVersion %ClassName %Close
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty
%DispatchMethod %DispatchSetModified %DispatchSetMultidimProperty
%DispatchSetProperty %Extends %GetParameter
%IncrementCount %IsA %New
%OriginalNamespace %PackageName %SetModified
AddClaimValues AfterAuthenticate BeforeAuthenticate
CheckAlg ConvertParameter CopyAuthenticationProperties
Decrypt DirectLogin DisplayLogin
DisplayPermissions Encrypt EncryptBroker
EscapeHTML EscapeURL GenerateAccessToken
GenerateAccessTokenCustomization GetAuthenticateDomain GetOpenIDScope
GetQueryParameters GetRequestObject GetScopeArray
GetUser HyperEventBody HyperEventCall
HyperEventFrame HyperEventHead Include
InitializeRequestToken InsertHiddenField InsertHiddenFields
IsJWT IsPrivate JWTToObject
Link LoadRequest Login
Logout OnHTTPHeader OnPage
OnPageError OnPostHTTP OnPostHyperEvent
OnPreHTTP OnPreHyperEvent Page
PrepareResponse ProcessClaimsRequest ProcessFormResponse
ProcessRequest ProcessScope QuoteJS
RedirectResponse ReturnError ReturnSimpleError
RewriteURL SaveQueryParameters SaveRequestData
SendResponse SetScope SetScopeArray
ShowError StartTimer StopTimer
SupportedClaims ThrowError UnescapeHTML
UnescapeURL UpdateSession ValidateClient


• parameter HTTP200OK = "200 OK";


• classmethod AddClaimValues(token As OAuth2.Server.AccessToken, clientId As %String, sub As %String)
Add iss, sub, exp and aud to ClaimValues and client_id to CustomProperties if they are not already set.
• classmethod AfterAuthenticate(token As OAuth2.Server.AccessToken) as %Status
Execute AfterAuthenticate in the authenticate class
• classmethod BeforeAuthenticate(token As OAuth2.Server.AccessToken) as %Status
Execute BeforeAuthenticate in the authenticate class
• classmethod CheckAlg(expectedAlg As %String, actualAlg As %String) as %OAuth2.Error
• classmethod CopyAuthenticationProperties(client As OAuth2.Server.Client, token As OAuth2.Server.AccessToken)
Copy the properties that are needed by the Authentication Class from OAuth2.Server.Client to CustomProperties.
• classmethod DirectLogin(token As OAuth2.Server.AccessToken, Output password As %String) as %Status
Execute DirectLogin in the authenticate class
• classmethod DisplayLogin(token As OAuth2.Server.AccessToken) as %Status
Execute DisplayLogin in the authenticate class
• classmethod DisplayPermissions(token As OAuth2.Server.AccessToken) as %Status
Execute DisplayPermissions in the authenticate class
• classmethod GenerateAccessToken(token As OAuth2.Server.AccessToken) as %Status
Execute GenerateAccessToken callback. Optionally also obtain the IDToken.
• classmethod GenerateAccessTokenCustomization(properties As %OAuth2.Server.Properties, Output pSC As %Status) as %String
• classmethod GetAuthenticateDomain() as %String
Get the domain to use for the authenticate class
• classmethod GetOpenIDScope(openid As %Boolean, scope As %String) as %String
Get description of OpenID scope if the scope is valid
• classmethod GetQueryParameters(client As OAuth2.Server.Client, Output requestParameters) as %String
Get request properties from %request and the request JWT. Return error description if invalid request.
• classmethod GetRequestObject(client As OAuth2.Server.Client, request As %String, ByRef requestParameters) as %String
Get request parameters from request object
• classmethod GetScopeArray(scope As %String) as %ArrayOfDataTypes
Get scope array
• classmethod GetUser(Output scope As %String, Output authTime As %Integer, Output sc As %Status) as %String
Execute GetUser session method
• classmethod InitializeRequestToken(client As OAuth2.Server.Client) as OAuth2.Server.AccessToken
Process the initial request from the client
• classmethod IsJWT(Output sc As %Status) as %Boolean
Execute IsJWT callback
• classmethod JWTToObject(client As OAuth2.Server.Client, jwt As %String, ByRef securityParameters As %String, ByRef jsonObject As %RegisteredObject) as %Status
Wrapper function to set up JWTToObject calls on the authorization server
• classmethod LoadRequest(requestUri As %String, Output request As %String) as %String
Load request from request_uri specified location.
• classmethod Login(username As %String, scope As %String, interval As %Integer, authTime As %Integer) as %Status
Execute Login session method
• classmethod Logout()
Execute Logout session method
• classmethod OnPage() as %Status
Event handler for PAGE event: this is invoked in order to generate the content of a CSP page.
• classmethod OnPreHTTP() as %Boolean
Event handler for PreHTTP event: this is invoked before the HTTP headers for a CSP page have been sent. All changes to the %CSP.Response class, such as adding cookies, HTTP headers, setting the content type etc. must be made from within the OnPreHTTP() method. Return 0 to prevent OnPage from being called.

OnPreHTTP is used to control flow and redirect back to the requester. OnPage is where the actual authentication takes place.
• classmethod PrepareResponse(token As OAuth2.Server.AccessToken) as %Status
Finished authorization. Prepare for response.
• classmethod ProcessClaimsRequest(claimsMemberObject As %DynamicObject, claims As %ArrayOfObjects) as %String
Process userinfo and id_token members of the claims parameter
• classmethod ProcessFormResponse(client As OAuth2.Server.Client, token As OAuth2.Server.AccessToken)
Process the form response from the login page or permissions page
• classmethod ProcessRequest(client As OAuth2.Server.Client, Output token As OAuth2.Server.AccessToken)
Process the initial request from the client
• classmethod ProcessScope(server As OAuth2.Server.Configuration, client As OAuth2.Server.Client, ByRef scope As %String) as %OAuth2.Error
Handle scope rules
• classmethod RedirectResponse(client As OAuth2.Server.Client, token As OAuth2.Server.AccessToken)
Set up redirect for done
• private classmethod RedirectToSelf(token As OAuth2.Server.AccessToken)
Redirect to self with AuthorizationCode in order to display login or permissions.
• classmethod ReturnError(client As OAuth2.Server.Client, token As OAuth2.Server.AccessToken, error As %String, errorDescription As %String, sc As %Status)
Return error as redirected response
• classmethod ReturnSimpleError(error As %String, desc As %String, sc As %Status)
Return a simple error page, since no client could be identified
• classmethod SaveQueryParameters(ByRef requestParameters, requestParameterArray As %ArrayOfDataTypes)
Save the %request query parameters in the properties array.
• classmethod SaveRequestData(token As OAuth2.Server.AccessToken)
Save %request data whose name begins with p_ in properties
• classmethod SendResponse(token As OAuth2.Server.AccessToken, ByRef param As %String)
Send the response back to the client.
• classmethod SetScope(token As OAuth2.Server.AccessToken, scope As %String)
Set scope and scope array in the token based on a blank-separated list of scopes.
• classmethod SetScopeArray(token As OAuth2.Server.AccessToken)
Set scope and scope array in the token based on an array of scopes.
• classmethod SupportedClaims(Output sc As %Status) as %String
Execute SupportedClaims callback
• classmethod UpdateSession(scope As %String) as %Status
Execute UpdateSession session method
• classmethod ValidateClient(token As OAuth2.Server.AccessToken, clientId As %String, clientSecret As %String, Output sc As %Status) as %Boolean
Execute ValidateClient callback
• classmethod ValidateUser(token As OAuth2.Server.AccessToken, username As %String, password As %String, Output sc As %Status) as %Boolean
Execute ValidateUser callback