
OAuth2.ServerDefinition

Class OAuth2.ServerDefinition Extends %Persistent [ System = 4 ]

OAuth2.ServerDefinition is a persistent class which defines an authorization server that is available to this InterSystems IRIS instance for OAuth 2.0 client definitions. One authorization server definition may be shared by multiple client application definitions.

Properties

IssuerEndpoint

Property IssuerEndpoint As %String(COLLATION = "EXACT", MAXLEN = "") [ Required ];

The endpoint URL used to identify the authorization server. The server definition is indexed by a hash of this value so that IssuerEndpoint is unique.
Required for all ClientTypes.

Hash

Property Hash As %String(COLLATION = "EXACT", MAXLEN = 64) [ Internal ];

SHA-512 hash of the IssuerEndpoint, used only for indexing.

InitialAccessToken

Property InitialAccessToken As %String(MAXLEN = "");

The optional initial registration access token, which may be specified out of band and is used as a bearer token to authorize the dynamic client registration request.

SSLConfiguration

Property SSLConfiguration As %String(MAXLEN = 64, MINLEN = 1);

The name of the activated TLS/SSL configuration to use for authorization server Discovery requests.
Chosen by the user during configuration.

AuthorizationEndpoint

Property AuthorizationEndpoint As %OAuth2.uri;

**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to request an authorization code from the authorization server.
Required if ClientType is public or confidential.
Based on the Authorization Server documentation.

TokenEndpoint

Property TokenEndpoint As %OAuth2.uri;

**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to request an access token from the authorization server.
Required for all ClientTypes.
Based on the Authorization Server documentation.

UserinfoEndpoint

Property UserinfoEndpoint As %OAuth2.uri;

**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to make a userinfo request, using an access token from the authorization server for authorization.

IntrospectionEndpoint

Property IntrospectionEndpoint As %OAuth2.uri;

**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to make an RFC 7662 token introspection request, using the client_id and client_secret for authorization.

RevocationEndpoint

Property RevocationEndpoint As %OAuth2.uri;

**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
The endpoint URL to be used to make an RFC 7009 token revocation request, using the client_id and client_secret for authorization.

ServerCredentials

Property ServerCredentials As %String;

ServerCredentials is the alias of the %SYS.X509Credentials object which contains the server's certificate.

PublicJWKS

Property PublicJWKS As %String(MAXLEN = "") [ Internal ];

PublicJWKS is the JWKS which contains the public asymmetric keys for this authorization server, obtained either manually or via the jwks_uri metadata property during discovery.
This property should never be set directly during configuration.

PublicJWKSExpires

Property PublicJWKSExpires As %Integer [ Internal ];

PublicJWKSExpires gives the time (in seconds) at which the PublicJWKS will expire, -1 if the PublicJWKS does not expire, or 0, meaning that it should not be stored. If the PublicJWKS was retrieved from the jwks_uri metadata parameter, this value is determined from the HTTP headers of the response. Otherwise, it should be -1 (no expiration). This property should not be manipulated directly.

Metadata

Property Metadata As OAuth2.Server.Metadata;

The metadata which describes this authorization server.

Clients

Relationship Clients As OAuth2.Client [ Cardinality = many, Inverse = ServerDefinition ];

The clients that use this server definition.

IsDiscovery

Property IsDiscovery As %Boolean [ InitialExpression = 0, Internal ];

Flag indicating whether the definition was created through Discovery: 0 if it was saved through Manual configuration, 1 otherwise.

Methods

IssuerEndpointSet

Method IssuerEndpointSet(issuerEndpoint As %String) As %Status [ Internal ]

AuthorizationEndpointSet

Method AuthorizationEndpointSet(authorizationEndpoint As %String) As %Status [ Internal ]

Store value in metadata for compatibility

AuthorizationEndpointGet

Method AuthorizationEndpointGet() As %String [ Internal ]

Get value from metadata for compatibility

TokenEndpointSet

Method TokenEndpointSet(tokenEndpoint As %String) As %Status [ Internal ]

Store value in metadata for compatibility

TokenEndpointGet

Method TokenEndpointGet() As %String [ Internal ]

Get value from metadata for compatibility

UserinfoEndpointSet

Method UserinfoEndpointSet(userinfoEndpoint As %String) As %Status [ Internal ]

Store value in metadata for compatibility

UserinfoEndpointGet

Method UserinfoEndpointGet() As %String [ Internal ]

Get value from metadata for compatibility

IntrospectionEndpointSet

Method IntrospectionEndpointSet(introspectionEndpoint As %String) As %Status [ Internal ]

Store value in metadata for compatibility

IntrospectionEndpointGet

Method IntrospectionEndpointGet() As %String [ Internal ]

Get value from metadata for compatibility

RevocationEndpointSet

Method RevocationEndpointSet(revocationEndpoint As %String) As %Status [ Internal ]

Store value in metadata for compatibility

RevocationEndpointGet

Method RevocationEndpointGet() As %String [ Internal ]

Get value from metadata for compatibility

%OnNew

Method %OnNew() As %Status [ Internal, Private ]

Get a new OAuth2.ServerDefinition instance.

SetPublicJWKS

Method SetPublicJWKS(publicJWKS As %String = "", jwksUri As %String = "") As %Status

Manually set the authorization server supplied public JWKS and optionally jwks_uri.

Open

ClassMethod Open(serverDefinitionId As %String, Output sc As %Status) As OAuth2.ServerDefinition

Open the OAuth2.ServerDefinition instance.

OpenByIssuer

ClassMethod OpenByIssuer(issuerEndpoint As %String, Output sc As %Status) As OAuth2.ServerDefinition

Open an OAuth2.ServerDefinition instance based on the IssuerEndpoint property.

GetServerMetadata

ClassMethod GetServerMetadata(issuerEndpoint As %String, sslConfiguration As %String, Output metadata As OAuth2.Server.Metadata) As %Status [ Internal ]

Get the authorization server metadata from the server's discovery endpoint.

Upgrade

Method Upgrade() As %Status [ Internal ]

Upgrade an OAuth2.ServerDefinition instance to the layout introduced with dynamic client support.

UpdateJWKS

Method UpdateJWKS(Output sc As %Status) As %Status [ Deprecated ]

Get and save a new public JWKS for the authorization server if the JWKS was specified using jwks_uri metadata. Returns a status code.
This method is deprecated. New code should use RefreshJWKS instead.

RefreshJWKS

Method RefreshJWKS(force As %Boolean = 0, save As %Boolean = 1, Output sc As %Status) As %Boolean

If the server's public JWKS was specified using the jwks_uri metadata parameter, this method fetches the JWKS again if the cached copy has expired.

Parameters:

  • force - refresh the JWKS even if the cached version is still valid (default is 0)
  • save - save the server definition (default is 1)
  • sc (output) - Status code structure containing any errors

Returns:

  • 1 - if the JWKS was updated
  • 0 - if the cached version was still valid

%OnValidateObject

Method %OnValidateObject() As %Status [ Internal, Private ]

%OnAddToSaveSet

Method %OnAddToSaveSet(depth As %Integer = 3, insert As %Integer = 0, callcount As %Integer = 0) As %Status [ Internal ]

This callback method is invoked when the current object is added to the SaveSet, either because %Save() was invoked on this object or on an object that references this object. %OnAddToSaveSet can modify the current object. It can also add other objects to the current SaveSet by invoking %AddToSaveSet or remove objects by calling %RemoveFromSaveSet.

If this method returns an error status then %Save() will fail and the transaction will be rolled back.

%OnBeforeSave

Method %OnBeforeSave(insert As %Boolean) As %Status [ Internal, Private ]

This callback method is invoked by the %Save method to provide notification that the object is being saved. It is called before any data is written to disk.

insert will be set to 1 if this object is being saved for the first time.

If this method returns an error then the call to %Save will fail.

DeleteId

ClassMethod DeleteId(id As %String) As %Status

Delete the server definition with the given id.

%OnDelete

ClassMethod %OnDelete(oid As %ObjectIdentity) As %Status [ Internal ]

This callback method is invoked by the %Delete method to provide notification that the object specified by oid is being deleted.

If this method returns an error then the object will not be deleted. [Previously private]

ClientCount

Method ClientCount() As %Integer

Get the count of clients that use this server definition.
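
The following ObjectScript class is an added example and is not part of the OAuth2.ServerDefinition class reference or of the InterSystems IRIS product code. It ties together OpenByIssuer, the SSLConfiguration property, RefreshJWKS and ClientCount as documented above: it looks a definition up by its issuer, refuses to proceed if no TLS configuration is set for Discovery and jwks_uri fetches, refreshes the cached public JWKS only when it has expired, and reports how many client definitions depend on the server. The class name Example.OAuth2Audit and the issuer URL in the usage note are placeholders.

```objectscript
/// Added example (not InterSystems code): audit one configured authorization
/// server definition and refresh its public JWKS when the cached copy has expired.
Class Example.OAuth2Audit Extends %RegisteredObject
{

ClassMethod CheckServerDefinition(issuerEndpoint As %String) As %Status
{
    Set sc = $$$OK

    // Look the definition up by issuer; the hash index makes IssuerEndpoint unique,
    // so at most one definition is returned.
    Set server = ##class(OAuth2.ServerDefinition).OpenByIssuer(issuerEndpoint, .sc)
    If $$$ISERR(sc) Quit sc
    If '$IsObject(server) {
        Quit $$$ERROR($$$GeneralError, "No server definition found for issuer "_issuerEndpoint)
    }

    // Discovery and jwks_uri requests use the named TLS configuration. An empty
    // SSLConfiguration means key material would be fetched without a TLS profile,
    // so treat it as a configuration error rather than continuing.
    If server.SSLConfiguration = "" {
        Quit $$$ERROR($$$GeneralError, "SSLConfiguration is not set for issuer "_issuerEndpoint)
    }

    // force = 0: only re-fetch if PublicJWKSExpires says the cached JWKS is stale.
    // save = 1: persist the refreshed keys on the definition.
    // The return value is 1 if a fetch happened, 0 if the cache was still valid.
    Set updated = server.RefreshJWKS(0, 1, .sc)
    If $$$ISERR(sc) Quit sc
    Write "JWKS for ", issuerEndpoint, ": ", $Select(updated: "refreshed", 1: "cached copy still valid"), !

    // Number of OAuth2.Client definitions that reference this server; useful to
    // check before calling DeleteId, which would orphan those clients.
    Write "Client definitions using this server: ", server.ClientCount(), !

    Quit sc
}

}
```

Run it from a terminal session in the namespace holding the OAuth2 configuration, for example `Set sc = ##class(Example.OAuth2Audit).CheckServerDefinition("https://issuer.example.com")` followed by `Do $System.Status.DisplayError(sc)` to show any error returned. Passing force = 1 to RefreshJWKS instead of 0 would re-fetch the JWKS unconditionally, which is the right choice after a key rotation at the authorization server that did not wait for the cached expiry.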