Class Reference
IRIS for UNIX 2019.4
InterSystems: The power behind what matters   
Documentation  Search
  [ENSLIB] >  [%OAuth2] >  [JWT]
Private  Storage   

class %OAuth2.JWT extends %RegisteredObject


Parameters Properties Methods Queries Indices ForeignKeys Triggers


%%OIDGet %AddToSaveSet %BindExport %BuildObjectGraph
%ClassIsLatestVersion %ClassName %Close %ConstructClone
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %Extends
%GetParameter %IncrementCount %IsA %IsModified
%New %NormalizeObject %ObjectModified %OriginalNamespace
%PackageName %RemoveFromSaveSet %SerializeObject %SetModified
%ValidateObject GetJWK JWTToObject ObjectToJWT


• classmethod GetJWK(JWKS As %DynamicObject, Alg As %String, Kid As %String) as %DynamicObject
• classmethod JWTToObject(JWT As %String, LocalPrivate As %String, RemotePublic As %String, Output JOSE As %String, Output Body As %DynamicObject) as %Status
This method processes a JSON Web Token (JWT), performing decryption and/or signature verification operations as required.

Input parameters:

JWT - JSON Web Token

LocalPrivate - Local Private JWKS
RemotePublic - Remote Public JWKS
Output parameters:

JOSE - Output Array of Strings containing the algorithms used for Signature and/or Encryption operations performed on the JWT.
JOSE("sigalg") - Signature or MAC algorithm
JOSE("keyalg") - Key management algorithm
JOSE("encalg") - Content encryption algorithm

Body - Output Object representation of the claims contained in the JWT
• classmethod ObjectToJWT(ByRef JOSE As %String, Body As %DynamicObject, LocalPrivate As %String, RemotePublic As %String, Output JWT As %String) as %Status
This method generates a JSON Web Token (JWT), performing signature and/or encryption operations as requested.

Input parameters:

JOSE - Array of Strings used to specify the JSON Object Signature and/or Encryption operations to be performed on the JWT

For JSON Web Signature (JWS):

JOSE("sigalg") - Signature or MAC algorithm, supported options:
"HS256", HMAC with SHA-256
"HS384", HMAC with SHA-384
"HS512", HMAC with SHA-512
"RS256", RSASSA-PKCS1-V1_5 using SHA-256
"RS384", RSASSA-PKCS1-V1_5 using SHA-384
"RS512", RSASSA-PKCS1-V1_5 using SHA-512

For JSON Web Encryption (JWE):

JOSE("keyalg") - Key management algorithm, supported options:
"RSA1_5", Encryption with RSAES-PKCS1-V1_5
"RSA-OAEP", Encryption with RSAES-OAEP

JOSE("encalg") - Content encryption algorithm, supported options:
"A128CBC-HS256", 128-bit AES in CBC mode with HMAC SHA-256
"A192CBC-HS384", 192-bit AES in CBC mode with HMAC SHA-384
"A256CBC-HS512", 256-bit AES in CBC mode with HMAC SHA-512

Note, JOSE("keyalg") and JOSE("encalg") must both be specified or null.

If JWS and JWE are both specified the JWT will be signed, then encrypted.

Body - Object representation of the Claims contained in the JWT

LocalPrivate - Local Private JWKS

RemotePublic - Remote Public JWKS
Output parameter:

JWT - JSON Web Token

Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.