Skip to main content

%OAuth2.Login

Class %OAuth2.Login Extends %CSP.Login

%OAuth2.Login is the base class for login pages which use OAuth 2.0 or OpenID Connect. The usual login class will only override the APPLICATION and SCOPE parameters. Additional customization may be done by overriding the RESPONSEMODE parameter and DefineProperties method.

The login page will directly log in the session using delegated authentication. For an example ZAUTHENTICATE routine, see the Samples-Security repo in GitHub.

Parameters

APPLICATION

Parameter APPLICATION As STRING;

The application name for the application being logged into.
The actual login page will need to override this parameter.

SCOPE

Parameter SCOPE As STRING;

The blank separated scope list to be used for the access token request. The actual login page will need to override this parameter.

RESPONSEMODE

Parameter RESPONSEMODE As STRING;

The RESPONSEMODE parameter specifies the mode of the response as either query, fragment or form_post. The default is query.

SessionQueryParameter

Parameter SessionQueryParameter [ Internal ] = "CSPOAUTH2";

The name of the query parameter used to carry the access token hash.

Methods

OnPreHTTP

ClassMethod OnPreHTTP() As %Boolean [ Internal ]

DefineParameters

ClassMethod DefineParameters(Output application As %String, Output scope As %String, Output responseMode As %String)

Callback to allow the overriding login subclass to define the class parameter values at run-time
The default to use the class parameter values.

DefineProperties

ClassMethod DefineProperties(Output properties As %String)

Callback to allow the overriding login subclass to define the properties list for the GetAccessTokenAuthorizationCode call.
properties is a local array specifying additional properties to be included in a token request in the form properties(name)=value. To add a request parameter which is a JSON object, you may either create a properties element which is a %DynamicObject or is a string that is the UTF-8 encoded serialized object. For example the claims parameter that is defined by OpenID Connect. If the request or request_uri request parameters are to be used, then the %SYS.OAuth2.Request class is used to create the JWT. The the JWT is assigned to properties("request") or the URL for the JWT is assigned to properties("request_uri")

OnPage

ClassMethod OnPage() As %Status [ Internal ]