OAuth2.Server.Client
Class OAuth2.Server.Client Extends %Persistent [ System = 4 ]
OAuth2.Server.Client is a persistent class which describes the clients which have registered with this authorization server. This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.
Properties
ClientId
Property ClientId As %String(MAXLEN = 1024, MINLEN = 1) [ Required ];
The IDKEY for the client configuration class. The unique id which we generate for this client.
ClientSecret
Property ClientSecret As %String(MAXLEN = 1024);
ClientSecret is the secret which is used as a client password.
Name
Property Name As %String(MAXLEN = 128) [ Required ];
The name of this client. When using dynamic registration the initial value will be the value of the "client_name" metadata field.
RedirectURL
Property RedirectURL As list Of %String(MAXLEN = "");
RedirectURL is the expected redirect URL for this client.
LaunchURL
Property LaunchURL As %String(MAXLEN = "");
LaunchURL is the URL used to launch this client. LaunchURL may be used in some circumstances to identify the client and as the value of the aud claim.
DefaultScope
Property DefaultScope As %String(MAXLEN = "");
DefaultScope is a blank-separated list containing the default access token scope, used when no scope is specified in the access token request.
Description
Property Description As %String(MAXLEN = 256);
Description of the client.
Chosen by user during configuration.
ClientType
Property ClientType As %String(VALUELIST = ",public,confidential,resource") [ Required ];
The type of client configuration:
- public - a public client. See RFC 6749
- confidential - a confidential client. See RFC 6749
- resource - a resource server which is not also a client.
Chosen by user during configuration. Will usually be confidential client for an InterSystems IRIS application.
ClientCredentials
Property ClientCredentials As %String;
ClientCredentials is the alias of the %SYS.X509Credentials object which contains the client's certificate.
PublicJWKS
Property PublicJWKS As %String(MAXLEN = "") [ Internal ];
PublicJWKS is the JWKS which contains the public asymmetric keys for this client, obtained manually or via the jwks or jwks_uri metadata property during client dynamic registration.
This property should never be set directly for configuration.
RemotePublicJWKS
Property RemotePublicJWKS As %String(MAXLEN = "") [ Deprecated, Internal ];
This property is deprecated. The public keys are stored in PublicJWKS and the symmetric keys are stored in SymmetricJWKS.
PublicJWKSExpires
Property PublicJWKSExpires As %Integer [ Internal ];
PublicJWKSExpires gives the time (in seconds) when the PublicJWKS will expire, or -1 if the PublicJWKS does not expire, or 0, meaning that it should not be stored. If the PublicJWKS was retrieved from the jwks_uri metadata parameter, this value will be determined based on the HTTP headers of the response. Otherwise, it should be -1 (no expiration). This property should not be directly manipulated.
SymmetricJWKS
Property SymmetricJWKS As %String(MAXLEN = "") [ Internal ];
SymmetricJWKS stores the symmetric keys used by this OAuth2 client configuration. These keys are typically derived from the client secret.
SupportedGrantTypes
Property SupportedGrantTypes As %String(MAXLEN = 5, MINLEN = 1);
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
SupportedGrantTypes is the grant types that are supported to create an access token. This property is a string of 1 to 5 characters with one character for each supported grant type as follows:
- "A" - Authorization Code
- "I" - Implicit
- "P" - Resource Owner Password Credentials
- "C" - Client Credentials
- "J" - JWT Authorization
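The letter-per-grant encoding above is easy to get wrong when a value is written by hand. The following is an added example, not InterSystems code and not a call into this internal class: a Python model of the SupportedGrantTypes string that decodes it, rejects malformed values (length outside the declared 1 to 5 characters, unknown or repeated letters), rebuilds it from standard grant_type values, and flags the two grants the OAuth 2.0 Security Best Current Practice advises against. The five letters and their names are taken from the page; the RFC 6749 / RFC 7523 grant_type parameter values paired with them are an assumption of this example.

```python
# Added example (not InterSystems code): a model of the SupportedGrantTypes
# encoding, a 1-5 character string with one letter per supported grant.
# Letters and names come from the page; the grant_type parameter values
# (RFC 6749, and RFC 7523 for the JWT grant) beside them are an assumption.
GRANT_LETTERS = {
    "A": ("Authorization Code", "authorization_code"),
    "I": ("Implicit", "implicit"),
    "P": ("Resource Owner Password Credentials", "password"),
    "C": ("Client Credentials", "client_credentials"),
    "J": ("JWT Authorization", "urn:ietf:params:oauth:grant-type:jwt-bearer"),
}

# Grants the OAuth 2.0 Security Best Current Practice advises against enabling.
LEGACY_LETTERS = {"I", "P"}

MINLEN, MAXLEN = 1, 5  # from the property declaration on the page


def decode_grant_types(code):
    """Return the grant names encoded in `code`, or raise ValueError.

    Rejects strings outside the declared length bounds, unknown letters and
    repeated letters, so a configured value is either well-formed or refused.
    """
    if not MINLEN <= len(code) <= MAXLEN:
        raise ValueError(
            f"SupportedGrantTypes must be {MINLEN}-{MAXLEN} characters, got {len(code)}"
        )
    seen = set()
    names = []
    for ch in code:
        if ch not in GRANT_LETTERS:
            raise ValueError(f"unknown grant type letter {ch!r}")
        if ch in seen:
            raise ValueError(f"grant type letter {ch!r} repeated")
        seen.add(ch)
        names.append(GRANT_LETTERS[ch][0])
    return names


def encode_grant_types(grant_type_values):
    """Inverse: build the letter string from grant_type parameter values.

    Letters are emitted in the page's order A, I, P, C, J regardless of the
    input order; an unsupported grant_type raises ValueError.
    """
    by_value = {value: letter for letter, (_, value) in GRANT_LETTERS.items()}
    letters = set()
    for value in grant_type_values:
        if value not in by_value:
            raise ValueError(f"unsupported grant_type {value!r}")
        letters.add(by_value[value])
    return "".join(letter for letter in GRANT_LETTERS if letter in letters)


def legacy_grants_enabled(code):
    """Return the names of deprecated grants (Implicit, Password) in `code`.

    Useful as a configuration review check: a client definition enabling
    either is worth a second look even though the string itself is valid.
    """
    decode_grant_types(code)  # validate the encoding first
    return [GRANT_LETTERS[ch][0] for ch in code if ch in LEGACY_LETTERS]
```

`decode_grant_types("AC")` yields `["Authorization Code", "Client Credentials"]`, while `legacy_grants_enabled("AIP")` reports the Implicit and Resource Owner Password Credentials grants so a reviewer can see at a glance which client definitions still rely on them.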
"client_name"
Property "client_name" As %String(MAXLEN = 128);
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
client_name is the name of the Client to be presented to the EndUser.
"logo_uri"
Property "logo_uri" As %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
logo_uri is a URL that references a logo for the Client application. If present, the authorization server will display this image to the EndUser during approval. The value of this field must point to a valid image file.
"client_uri"
Property "client_uri" As %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
client_uri is the URL of the home page of the Client. The value of this field must point to a valid Web page. If present, the authorization server will display this URL to the EndUser in a followable fashion.
"policy_uri"
Property "policy_uri" As %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
policy_uri is the URL that the Relying Party Client provides to the EndUser to read about how the profile data will be used. The value of this field must point to a valid web page.
"tos_uri"
Property "tos_uri" As %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
tos_uri is the URL that the Relying Party Client provides to the EndUser to read about the Relying Party's terms of service. The value of this field must point to a valid web page.
Metadata
Property Metadata As OAuth2.Client.Metadata;
The meta data which describes this client.
Methods
SupportedGrantTypesSet
Method SupportedGrantTypesSet(supportedGrantTypes As %String) As %Status [ Internal ]
Store value in metadata for compatibility
SupportedGrantTypesGet
Method SupportedGrantTypesGet() As %String [ Internal ]
Get value from metadata for compatibility
"client_nameSet"
Method "client_nameSet"(clientName As %String) As %Status [ Internal ]
Store value in metadata for compatibility
"client_nameGet"
Method "client_nameGet"() As %String [ Internal ]
Get value from metadata for compatibility
"logo_uriSet"
Method "logo_uriSet"(logoUri As %String) As %Status [ Internal ]
Store value in metadata for compatibility
"logo_uriGet"
Method "logo_uriGet"() As %String [ Internal ]
Get value from metadata for compatibility
"client_uriSet"
Method "client_uriSet"(clientUri As %String) As %Status [ Internal ]
Store value in metadata for compatibility
"client_uriGet"
Method "client_uriGet"() As %String [ Internal ]
Get value from metadata for compatibility
"policy_uriSet"
Method "policy_uriSet"(policyUri As %String) As %Status [ Internal ]
Store value in metadata for compatibility
"policy_uriGet"
Method "policy_uriGet"() As %String [ Internal ]
Get value from metadata for compatibility
"tos_uriSet"
Method "tos_uriSet"(tosUri As %String) As %Status [ Internal ]
Store value in metadata for compatibility
"tos_uriGet"
Method "tos_uriGet"() As %String [ Internal ]
Get value from metadata for compatibility
%OnNew
Method %OnNew() As %Status [ Internal, Private ]
Get a new OAuth2.Server.Client instance with a newly generated ClientId and ClientSecret.
SetPublicJWKS
Method SetPublicJWKS(publicJWKS As %String, jwksUri As %String) As %Status
Manually set the client supplied public JWKS and optionally jwks_uri.
Open
ClassMethod Open(clientId As %String, Output sc As %Status) As OAuth2.Server.Client
Open the OAuth2.Server.Client instance.
Save
Method Save() As %Status
Save this OAuth2.Server.Client instance.
DeleteId
ClassMethod DeleteId(id As %String) As %Status
Delete this client configuration.
Upgrade
Method Upgrade() As %Status [ Internal ]
Upgrade OAuth2.Client instance when dynamic client support introduced
UpdateJWKS
Method UpdateJWKS(server As OAuth2.Server.Configuration, Output sc As %Status) As %Status [ Deprecated ]
Get and save a new public JWKS for this client if the JWKS was specified using jwks_uri metadata. Returns a status code.
This method is deprecated. New code should use RefreshJWKS instead.
RefreshJWKS
Method RefreshJWKS(sslConfig As %String, force As %Boolean = 0, save As %Boolean = 1, Output sc As %Status) As %Boolean
If the client's JWKS was specified using the jwks_uri metadata parameter, this method will fetch the jwks if it has expired.
Parameters:
- sslConfig - the name of an SSL configuration to use when communicating with the remote server
- force - refresh the jwks even if the cached version is still valid (default is 0)
- save - save the client definition (default is 1)
- sc (output) - Status code structure containing any errors
Returns:
- 1 - if the jwks was updated
- 0 - if the cached version was still valid
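The PublicJWKSExpires values described earlier (-1 for no expiration, 0 for do-not-store, otherwise an absolute time in seconds derived from the jwks_uri response headers) and the RefreshJWKS decision above fit together as a small caching rule. The following is an added example, not InterSystems code and not a call into this internal class: a Python model that derives an expiry value from a fetched JWKS response, decides whether a refresh is due, and returns 1 or 0 as RefreshJWKS does. The page does not say which HTTP headers drive the expiry, so the Cache-Control max-age / Expires / no-store rule used here is an assumption, as are the dict-based client record and the `fetch` callback that stands in for the HTTP request; the sample headers are constructed.

```python
# Added example (not InterSystems code): a model of PublicJWKSExpires and the
# RefreshJWKS decision described on this page.
# The three value classes (-1 never expires, 0 do not store, >0 absolute expiry
# in Unix seconds) are as the page states. Which HTTP headers set the expiry is
# not specified on the page; the Cache-Control / Expires rule below is assumed.
import re
from email.utils import parsedate_to_datetime

NO_EXPIRY = -1
DO_NOT_STORE = 0


def expiry_from_headers(headers, now):
    """Derive a PublicJWKSExpires value from a jwks_uri response's headers.

    `headers` is a dict keyed by lower-case header name; `now` is Unix seconds.
    Assumed rule: no-store -> 0; max-age -> now + max-age; Expires -> that
    instant; none of these -> treat the document as non-expiring (-1).
    """
    cache_control = headers.get("cache-control", "")
    if re.search(r"\bno-store\b", cache_control):
        return DO_NOT_STORE
    m = re.search(r"\bmax-age=(\d+)", cache_control)
    if m:
        return now + int(m.group(1))
    if "expires" in headers:
        try:
            return int(parsedate_to_datetime(headers["expires"]).timestamp())
        except (TypeError, ValueError):
            return DO_NOT_STORE  # unparsable Expires: do not trust a cached copy
    return NO_EXPIRY


def needs_refresh(expires, now, force=False):
    """Return True when RefreshJWKS would fetch the JWKS again.

    Refresh if forced, if the cached copy has expired, or if it was never
    storable; a -1 value never triggers a fetch on its own.
    """
    if force:
        return True
    if expires == NO_EXPIRY:
        return False
    if expires == DO_NOT_STORE:
        return True
    return now >= expires


def refresh_jwks(client, fetch, now, force=False, save=True):
    """Model of RefreshJWKS: returns 1 if the JWKS was updated, 0 if cached.

    `client` is a dict (assumed shape) holding PublicJWKS, PublicJWKSExpires
    and jwks_uri; `fetch(uri)` returns (headers, jwks_text) in place of the
    HTTP call. A JWKS that was not obtained via jwks_uri is never re-fetched.
    """
    if not client.get("jwks_uri"):
        return 0
    if not needs_refresh(client["PublicJWKSExpires"], now, force):
        return 0
    headers, jwks_text = fetch(client["jwks_uri"])
    expires = expiry_from_headers(headers, now)
    client["PublicJWKS"] = jwks_text          # in-memory copy for immediate use
    client["PublicJWKSExpires"] = expires
    # "Do not store" is read here as: keep it in memory, never persist it.
    client["persisted"] = bool(save) and expires != DO_NOT_STORE
    return 1
```

With a cached copy marked -1 the model returns 0 until `force=True` is passed; after a fetch whose response carried `max-age=3600` the next call within the hour returns 0 and the first call at or past the hour returns 1, which is the cheap-refresh behaviour a token-validation path relies on.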
%OnAddToSaveSet
Method %OnAddToSaveSet(depth As %Integer = 3, insert As %Integer = 0, callcount As %Integer = 0) As %Status [ Private, ServerOnly = 1 ]
This callback method is invoked when the current object is added to the SaveSet, either because %Save() was invoked on this object or on an object that references this object. %OnAddToSaveSet can modify the current object. It can also add other objects to the current SaveSet by invoking %AddToSaveSet or remove objects by calling %RemoveFromSaveSet.
If this method returns an error status then %Save() will fail and the transaction will be rolled back.
%OnValidateObject
Method %OnValidateObject() As %Status [ Internal, Private ]
ValidateRedirectURL
Method ValidateRedirectURL(Output baseurls) As %Status [ Internal ]
Validate the redirect uris
ValidateURL
Method ValidateURL(name As %String, uri As %String, ByRef baseurls) As %Status [ Internal ]
Validate Client URLs
%OnBeforeSave
Method %OnBeforeSave(insert As %Boolean) As %Status [ Internal, Private ]
This callback method is invoked by the %Save method to provide notification that the object is being saved. It is called before any data is written to disk.
insert will be set to 1 if this object is being saved for the first time.
If this method returns an error then the call to %Save will fail.
%OnDelete
ClassMethod %OnDelete(oid As %ObjectIdentity) As %Status [ Internal ]
This callback method is invoked by the %Delete method to provide notification that the object specified by oid is being deleted.
If this method returns an error then the object will not be deleted. [Previously private]