Class Reference
IRIS for UNIX 2019.2

persistent class OAuth2.ServerDefinition extends %Persistent

OAuth2.ServerDefinition is a persistent class that defines an authorization server available to this InterSystems IRIS instance for OAuth 2.0 client definitions. A single authorization server definition may be used by multiple client application definitions.

Inventory

Properties: 14, Methods: 25, Queries: 1, Indices: 1 (no Parameters, ForeignKeys or Triggers)


Summary

Properties
%Concurrency AuthorizationEndpoint Clients Hash
InitialAccessToken IntrospectionEndpoint IsDiscovery IssuerEndpoint
Metadata PublicJWKS RevocationEndpoint SSLConfiguration
ServerCredentials TokenEndpoint UserinfoEndpoint

Methods
%%OIDGet %1Check %AddJrnObjToSyncSet %AddToSaveSet
%AddToSyncSet %BMEBuilt %BindExport %BuildIndices
%BuildIndicesSegment %BuildObjectGraph %CheckConstraints %CheckConstraintsForExtent
%ClassIsLatestVersion %ClassName %Close %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %DowngradeConcurrency
%ExecuteAfterTriggers %ExecuteBeforeTriggers %Exists %ExistsId
%Extends %FileIndices %FileIndicesBuffered %GUID
%GUIDSet %GetLock %GetParameter %GetSwizzleObject
%Id %IncrementCount %InsertBatch %IsA
%IsModified %IsNull %JournalObject %KillExtent
%KillExtentData %LoadFromMemory %LockExtent %LockId
%New %NormalizeObject %ObjectIsNull %ObjectModified
%Oid %OnAddToSaveSet %OnBeforeAddToSync %OnDelete
%OnDetermineClass %Open %OpenId %OriginalNamespace
%PackageName %PhysicalAddress %PurgeIndices %Reload
%RemoveFromSaveSet %ResolveConcurrencyConflict %RollBack %SQLAcquireLock
%SQLAcquireTableLock %SQLAfterTriggers %SQLBeforeTriggers %SQLBuildIndices
%SQLBuildPurgeIndexForRow %SQLBuildPurgeIndices %SQLCheckUnique %SQLCheckUniqueIndices
%SQLCheckUniqueKeys %SQLCopyIcolIntoName %SQLCopyNameIntoIcol %SQLCreateInsDelTables
%SQLDefineiDjVars %SQLDelete %SQLDeleteChildren %SQLDeleteTempStreams
%SQLEExit %SQLExists %SQLFKeyDelLock %SQLFastInsert
%SQLFieldValidate %SQLGetLock %SQLGetOld %SQLGetOldAll
%SQLGetOldIndex %SQLInsert %SQLInsertComputes %SQLInsertStreams
%SQLInvalid %SQLInvalid2 %SQLMVDelete %SQLMVIndexDelete
%SQLMVIndexInsert %SQLMVIndexUpdate %SQLMVInsert %SQLMVUpdate
%SQLMissing %SQLNormalizeCompFields %SQLNormalizeFields %SQLPurgeIndices
%SQLQuickBulkInsert %SQLQuickBulkLoad %SQLQuickBulkSave %SQLQuickBulkUpdate
%SQLQuickDelete %SQLQuickDeleteChildren %SQLQuickFindPKeyByRowID %SQLQuickFindRowIDByPKey
%SQLQuickInsert %SQLQuickLoad %SQLQuickLoadChildren %SQLQuickLogicalToOdbc
%SQLQuickOdbcToLogical %SQLQuickUpdate %SQLReleaseLock %SQLReleaseTableLock
%SQLStorageValidation %SQLTrigDelTab %SQLTrigInsTab %SQLUnlock
%SQLUnlock2 %SQLUnlockError %SQLUnlockRef %SQLUpdate
%SQLUpdateComputes %SQLUpdateStreams %SQLValidateCompFields %SQLValidateFields
%SQLicompView %SQLnBuild %Save %SaveDirect
%SaveIndices %SerializeObject %SetModified %SortBegin
%SortEnd %SyncObjectIn %SyncTransport %UnlockExtent
%UnlockId %UpgradeConcurrency %ValidateIndices %ValidateObject
AddClientSecretToJWKS AuthorizationEndpointGet AuthorizationEndpointSet ClientCount
DeleteId GetServerMetadata IntrospectionEndpointGet IntrospectionEndpointSet
IssuerEndpointSet Open OpenByIssuer RevocationEndpointGet
RevocationEndpointSet SetPublicJWKS TokenEndpointGet TokenEndpointSet
UpdateJWKS Upgrade UserinfoEndpointGet UserinfoEndpointSet


Properties

• property AuthorizationEndpoint as %OAuth2.uri;
**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to request an authorization code from the authorization server.
Required if ClientType is public or confidential.
Based on Authorization Server documentation.
• relationship Clients as OAuth2.Client [ Inverse = ServerDefinition,Cardinality = many ];
The clients that use this server definition.
• property Hash as %String(COLLATION="EXACT",MAXLEN=64);
SHA512 hash of the IssuerEndpoint, to be used only for indexing.
• property InitialAccessToken as %String(MAXLEN=2048);
The optional initial registration access token, which may be specified out of band and is used as a bearer token to authorize the dynamic client registration request.
• property IntrospectionEndpoint as %OAuth2.uri;
**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to make an RFC 7662 based token introspection request using the client_id and client_secret for authorization.
• property IsDiscovery as %Boolean [ InitialExpression = 0 ];
Flag indicating whether the definition was created through Discovery. If it was saved manually, the value is 0; otherwise it is 1.
• property IssuerEndpoint as %String(COLLATION="EXACT",MAXLEN=1024) [ Required ];
The endpoint URL to be used to identify the authorization server.
Required for all ClientTypes.
• property Metadata as OAuth2.Server.Metadata;
The metadata which describes this authorization server.
• property PublicJWKS as %String(MAXLEN="");
PublicJWKS is the JWKS which contains the public asymmetric keys for this authorization server obtained manually or via the jwks_uri metadata property during discovery.
This property should never be set directly for configuration.
• property RevocationEndpoint as %OAuth2.uri;
**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to make an RFC 7009 based token revocation request using the client_id and client_secret for authorization.
• property SSLConfiguration as %String(MAXLEN=64,MINLEN=1);
The name of the activated TLS/SSL configuration to use for authorization server Discovery requests.
Chosen by user during configuration.
• property ServerCredentials as %String;
ServerCredentials is the alias of the %SYS.X509Credentials object which contains the server's certificate.
• property TokenEndpoint as %OAuth2.uri;
**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to request an access token from the authorization server.
Required for all ClientTypes.
Based on Authorization Server documentation.
• property UserinfoEndpoint as %OAuth2.uri;
**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to make a userinfo request, using an access token from the authorization server for authorization.

Methods

• method %OnAddToSaveSet(depth As %Integer = 3, insert As %Integer = 0, callcount As %Integer = 0) as %Status
This callback method is invoked when the current object is added to the SaveSet, either because %Save() was invoked on this object or on an object that references this object. %OnAddToSaveSet can modify the current object. It can also add other objects to the current SaveSet by invoking %AddToSaveSet or remove objects by calling %RemoveFromSaveSet.

If this method returns an error status then %Save() will fail and the transaction will be rolled back.

• private method %OnBeforeSave(insert As %Boolean) as %Status
This callback method is invoked by the %Save method to provide notification that the object is being saved. It is called before any data is written to disk.

insert will be set to 1 if this object is being saved for the first time.

If this method returns an error then the call to %Save will fail.

• classmethod %OnDelete(oid As %ObjectIdentity) as %Status
This callback method is invoked by the %Delete method to provide notification that the object specified by oid is being deleted.

If this method returns an error then the object will not be deleted. [Previously private]

• private method %OnNew() as %Status
Get a new OAuth2.ServerDefinition instance.
• private method %OnValidateObject() as %Status
This callback method is invoked by the %ValidateObject method to provide notification that the current object is being validated.

If this method returns an error then %ValidateObject will fail.

• method AddClientSecretToJWKS(publicJWKS As %String) as %Status
Copy PublicJWKS to all clients with client_secret as the symmetric keys.
• method AuthorizationEndpointGet() as %String
Get value from metadata for compatibility
• method AuthorizationEndpointSet(authorizationEndpoint As %String) as %Status
Store value in metadata for compatibility
• method ClientCount() as %Integer
Get count of clients for this server definition
• classmethod DeleteId(id As %String) as %Status
Delete this server definition.
• classmethod GetServerMetadata(issuerEndpoint As %String, sslConfiguration As %String, Output metadata As OAuth2.Server.Metadata) as %Status
Get the authorization server metadata from the server's discovery endpoint.
• method IntrospectionEndpointGet() as %String
Get value from metadata for compatibility
• method IntrospectionEndpointSet(introspectionEndpoint As %String) as %Status
Store value in metadata for compatibility
• method IssuerEndpointSet(issuerEndpoint As %String) as %Status
This is a Set accessor method for the IssuerEndpoint property.
• classmethod Open(serverDefinitionId As %String, Output sc As %Status) as OAuth2.ServerDefinition
Open the OAuth2.ServerDefinition instance.
• classmethod OpenByIssuer(issuerEndpoint As %String, Output sc As %Status) as OAuth2.ServerDefinition
Open an OAuth2.ServerDefinition instance based on the IssuerEndpoint property
• method RevocationEndpointGet() as %String
Get value from metadata for compatibility
• method RevocationEndpointSet(revocationEndpoint As %String) as %Status
Store value in metadata for compatibility
• method SetPublicJWKS(publicJWKS As %String = "", jwksUri As %String = "") as %Status
Manually set the authorization server supplied public JWKS and optionally jwks_uri.
• method TokenEndpointGet() as %String
Get value from metadata for compatibility
• method TokenEndpointSet(tokenEndpoint As %String) as %Status
Store value in metadata for compatibility
• method UpdateJWKS(Output sc As %Status) as %Boolean
Get and save a new public JWKS for the authorization server if the JWKS was specified using jwks_uri metadata. Returns true if a new JWKS was obtained.
• method Upgrade() as %Status
Upgrade OAuth2.ServerDefinition instance when dynamic client support introduced
• method UserinfoEndpointGet() as %String
Get value from metadata for compatibility
• method UserinfoEndpointSet(userinfoEndpoint As %String) as %Status
Store value in metadata for compatibility

Queries

• query List()
SQL Query:
    SELECT ID, IssuerEndpoint,
        ( SELECT COUNT(*) FROM Client WHERE ServerDefinition->ID = sd.ID ) AS ClientCount
    FROM ServerDefinition as sd
    ORDER BY IssuerEndpoint
List authorization servers available to client applications for SMP page.

Indices

• index (IssuerIndex on Hash) [Unique];
The server definition is indexed by hash to make IssuerEndpoint unique.


Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.