%OAuth2.Server.AbstractSession

Class %OAuth2.Server.AbstractSession [ Abstract, System = 4 ]

This class defines the interface for the OAuth2 Server session maintenance class. If SupportSession is true in OAuth2.Server.Configuration then this class is used to track the user's session. The default session maintenance class is OAuth2.Server.Session. The behavior can be customized by creating a subclass of this class.

Methods

GetUser

ClassMethod GetUser(Output scope As %String, Output authTime As %Integer, Output sc As %Status, authCode As %String = "") As %String [ Abstract ]

This method returns the name of the user currently logged into this session. If no session exists, then "" is returned.
The set of scopes associated with this session is returned in the scope parameter.
The time the session was created is returned in the authTime parameter.
The sc parameter contains the error code (or $$$OK if no error occurred).
authCode contains the Authorization Code from the associated Access Token. This can be used to associate the Access Token with the session.

Update

ClassMethod Update(scope As %String, interval As %Integer) As %Status [ Abstract ]

This method updates the current session with the provided values.
scope is a blank separated list of scope values to associate with the session.
If the interval argument is specified the session interval should be updated.
The interval argument is seconds until expiration for the session. If interval=0, then the session will not expire.

Login

ClassMethod Login(username As %String, scope As %String, interval As %Integer, Output authTime As %Integer, authCode As %String = "") As %Status [ Abstract ]

This method creates a new session for the user named by username.
The scope argument specifies a blank separated list of scopes for which the user is authorized.
The interval argument is seconds until expiration for the session.
If interval=0, then the session will not expire.
authTime indicates the time at which the session was created. This should be specified as the number of seconds since the start of the UNIX epoch. This can be computed using
Set authTime = ##class(%OAuth2.Utils).TimeInSeconds($ztimestamp,0)
authCode contains the Authorization Code from the associated Access Token. This can be used to associate the Access Token with the session.

Logout

ClassMethod Logout() As %Status [ Abstract ]

The Logout method terminates the current session. This may be called when there is no current session.

DeleteAll

ClassMethod DeleteAll() As %Status [ Abstract ]

This method deletes all current sessions.

UpdateTokenGroup

ClassMethod UpdateTokenGroup(authCode As %String, groupId As %String, force As %Boolean = 0) As %Status

This method will update the OAuth2.Server.AccessToken identified by authCode with the given groupId. This can be used to associate the Access Token with the user's session. The Access Token will not be updated if it is already associated with a GroupId, unless force is true. Note that any subclass of this class MUST use the OAuth2.Server.AccessToken GroupId property to associate tokens with sessions. All tokens that have the same GroupId are part of the same session.
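
The contract described by the methods above, as an added model written in Python rather than ObjectScript; it is not InterSystems code and calls no InterSystems API. The class name SessionModel, the explicit session id argument (standing in for however a subclass identifies the current session) and the dictionary standing in for OAuth2.Server.AccessToken GroupId values are assumptions made for the example.

```python
# Added model of the AbstractSession contract; not InterSystems code.
# Assumed: explicit session ids and a dict in place of AccessToken.GroupId.
import secrets
import time

class SessionModel:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}      # session id -> session record
        self.token_group = {}   # authCode -> GroupId

    def _expiry(self, interval):  # interval=0: the session does not expire
        return None if interval == 0 else int(self.clock()) + interval

    def login(self, username, scope, interval, auth_code=""):
        sid = secrets.token_urlsafe(32)   # unguessable session identifier
        auth_time = int(self.clock())     # seconds since the UNIX epoch
        self.sessions[sid] = {"user": username, "scope": scope,
                              "auth_time": auth_time, "expires": self._expiry(interval)}
        if auth_code:
            self.update_token_group(auth_code, sid)
        return sid, auth_time

    def get_user(self, sid, auth_code=""):
        rec = self.sessions.get(sid)
        if rec and rec["expires"] is not None and rec["expires"] <= self.clock():
            del self.sessions[sid]        # expired: treat as no session
            rec = None
        if rec is None:
            return "", "", 0              # no session: user is ""
        if auth_code:
            self.update_token_group(auth_code, sid)
        return rec["user"], rec["scope"], rec["auth_time"]

    def update(self, sid, scope, interval=None):
        rec = self.sessions[sid]
        rec["scope"] = scope
        if interval is not None:          # only touch expiry when specified
            rec["expires"] = self._expiry(interval)

    def logout(self, sid):
        self.sessions.pop(sid, None)      # valid even with no current session

    def delete_all(self):
        self.sessions.clear()

    def update_token_group(self, auth_code, group_id, force=False):
        # An existing GroupId is kept unless force is true.
        if force or auth_code not in self.token_group:
            self.token_group[auth_code] = group_id
```

Injecting the clock lets a test suite for a custom session class exercise the expiry boundary and the interval=0 case without waiting in real time.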