Using OAuth 2.0 and OpenID Connect with Caché

Preface : 
Chapter 1: 
1.1 Basics
1.2 Roles
1.3 Access Tokens
1.3.1 Forms of Access Tokens
1.3.2 Claims
1.3.3 JWTs and JWKSs
1.4 Grant Types and Flows
1.5 Scopes
1.6 Endpoints in an Authorization Server
1.7 See Also
Chapter 2: 
2.1 Supported Scenarios
2.2 Caché Support for OAuth 2.0 and OpenID Connect
2.2.1 Configuration Items on a Client
2.2.2 Configuration Items on the Server
2.3 Standards Supported in Caché
Chapter 3: 
3.1 Prerequisites for the Caché Client
3.2 Configuration Requirements
3.2.1 Creating a Server Description (Using Discovery)
3.2.2 Configuring and Dynamically Registering a Client
3.3 Outline of Code Requirements
3.4 Obtaining Tokens
3.4.1 Method Details
3.5 Examining the Token(s)
3.6 Adding an Access Token to an HTTP Request
3.7 Optionally Defining Delegated Authentication for the Web Client
3.7.1 Creating and Using a ZAUTHENTICATE Routine for an OAuth 2.0 Client
3.7.2 Creating and Using a Custom Login Page for an OAuth 2.0 Client
3.7.3 Notes about the OAUTH2.ZAUTHENTICATE.mac Sample
3.8 Variations
3.8.1 Variation: Implicit Grant Type
3.8.2 Variation: Password Credentials Grant Type
3.8.3 Variation: Client Credentials Grant Type
3.8.4 Variation: Performing the Redirect within OnPreHTTP
3.8.5 Variation: Passing Request Objects as JWTs
3.8.6 Variation: Calling Other Endpoints of the Authorization Server
3.9 Revoking Access Tokens
3.9.1 Revoking a User’s Access Tokens
3.9.2 Revoking Access Tokens Programmatically
3.10 Rotating Keys Used for JWTs
3.10.1 API for Key Rotation on the Client
3.11 Getting a New Public JWKS from the Authorization Server
Chapter 4: 
4.1 Prerequisites for the Caché Resource Server
4.2 Configuration Requirements
4.3 Code Requirements
4.4 Variations
4.4.1 Variation: Resource Server Calls Userinfo Endpoint
4.4.2 Variation: Resource Server Does Not Call Endpoints
Chapter 5: 
5.1 Configuration Requirements for the Caché Authorization Server
5.1.1 Configuring the Authorization Server
5.2 Code Customization Options and Overall Flow
5.2.1 How a Caché Authorization Server Processes Requests
5.2.2 Default Classes
5.3 Implementing the Custom Methods for the Caché Authorization Server
5.3.1 Optional Custom Processing Before Authentication
5.3.2 Identifying the User
5.3.3 Validating the User and Specifying Claims
5.3.4 Displaying Permissions
5.3.5 Optional Custom Processing After Authentication
5.3.6 Generating the Access Token
5.3.7 Validating the Client
5.4 Details for the %OAuth2.Server.Properties Object
5.4.1 Basic Properties
5.4.2 Properties Related to Claims
5.4.3 Methods for Working with Claims
5.5 Locations of the Authorization Server Endpoints
5.6 Creating Client Definitions on a Caché OAuth 2.0 Authorization Server
5.7 Rotating Keys Used for JWTs
5.7.1 API for Key Rotation on the Authorization Server
5.8 Getting a New Public JWKS from a Client
Appendix A: 
A.1 Creating the Client Configuration Items Programmatically
A.1.1 Creating a Server Description
A.1.2 Creating a Client Configuration
A.2 Creating the Server Configuration Items Programmatically
A.2.1 Creating the Authorization Server Configuration
A.2.2 Creating a Client Description
Appendix B: 
Appendix C: 
C.1 Using Certificates for an OAuth 2.0 Client
C.2 Using Certificates for an OAuth 2.0 Resource Server
C.3 Using Certificates for an OAuth 2.0 Authorization Server