Using OAuth 2.0 and OpenID Connect with Caché
Implementing DirectLogin()

When you use Caché as an OAuth 2.0 authorization server, normally you implement the DisplayLogin() method of the Authenticate class, which displays a page where the user enters a username and password and logs in. If you instead want the server to authenticate without displaying a login form and without using the current session, then implement the DirectLogin() method of the Authenticate class. The following flowchart shows how a Caché authorization server identifies the user, when processing a request for an access token:

By default, the GetUser() method gets the username that was entered in the previous login.
Note that DisplayPermissions() is not called if you implement DirectLogin(), because DirectLogin() takes responsibility for displaying permissions.
The DirectLogin() method has the following signature:
ClassMethod DirectLogin(scope As %ArrayOfDataTypes, 
                        properties As %OAuth2.Server.Properties, 
                        Output username As %String, 
                        Output password As %String) As %Status
In your implementation, use your own logic to set the username and password arguments. To do so, use the scope and properties arguments as needed. To deny access, your method can set the username argument to $char(0). In this case, the authorization server will return the access_denied error.
The method can also set properties of the properties object; this object is available in later processing.
The method must return a %Status.
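The following sketch is an added example, not InterSystems code. It shows a DirectLogin() that starts from denial and grants access only after every check passes. The class name Demo.OAuth.DirectAuth, the scope allowlist, the "login_method" key and the ResolveAccount() helper are hypothetical; it assumes the Authenticate class is %OAuth2.Server.Authenticate and that the properties object exposes a CustomProperties array.

```objectscript
/// Added example: fail-closed DirectLogin(). Names below are hypothetical.
Class Demo.OAuth.DirectAuth Extends %OAuth2.Server.Authenticate
{

ClassMethod DirectLogin(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output username As %String, Output password As %String) As %Status
{
    // Deny by default: $char(0) makes the server return access_denied.
    Set username = $char(0), password = ""
    Set sc = $$$OK
    Try {
        // Assumed policy: deny if any requested scope is outside the allowlist.
        Set allowed = $ListBuild("openid", "profile")
        Set key = scope.Next("")
        While key '= "" {
            If '$ListFind(allowed, key) Return $$$OK
            Set key = scope.Next(key)
        }
        // Resolve the account with site-specific logic (hypothetical helper).
        Set (user, pass) = ""
        Set sc = ..ResolveAccount(scope, properties, .user, .pass)
        If $$$ISERR(sc) || (user = "") Return sc
        // Record how the user was identified, for later processing.
        Do properties.CustomProperties.SetAt("direct", "login_method")
        // Grant only after every check above has passed.
        Set username = user, password = pass
    } Catch ex {
        // Any unexpected error leaves the request denied.
        Set username = $char(0), password = ""
        Set sc = ex.AsStatus()
    }
    Quit sc
}

/// Hypothetical helper: replace the body with a lookup against your own
/// credential store. Leaving user empty causes DirectLogin() to deny.
ClassMethod ResolveAccount(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output user As %String, Output pass As %String) As %Status
{
    Set (user, pass) = ""
    Quit $$$OK
}

}
```

As written, ResolveAccount() returns no account, so every request is denied until site logic is supplied. Keep credentials out of the class source and fetch them from a protected store.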