Using OAuth 2.0 and OpenID Connect with Caché
Creating Configuration Items Programmatically

The earlier chapters of this book describe how to use the Management Portal to configure OAuth 2.0 clients, resource servers, and authorization servers. InterSystems also supports creating these configuration items programmatically. The following subsections provide the details for clients (including resource servers) and for the authorization server.

Creating the Client Configuration Items Programmatically
To programmatically create the configuration items for an OAuth 2.0 client or an OAuth 2.0 resource server:
  1. Create a server description.
  2. Create an associated client configuration.
Creating a Server Description
A server description is an instance of OAuth2.ServerDefinition. To create a server definition:
  1. Switch to the %SYS namespace.
  2. If the authorization server supports discovery, call the Discover() method of %SYS.OAuth2.Registration. This method is as follows:
    ClassMethod Discover(issuerEndpoint As %String,
                         sslConfiguration As %String,
                         Output server As OAuth2.ServerDefinition) As %Status
    Where:
  3. Then save the returned instance of OAuth2.ServerDefinition.
Or, if the authorization server does not support discovery:
  1. Switch to the %SYS namespace.
  2. Create an instance of OAuth2.ServerDefinition.
  3. Set its properties. In most cases, the names of the properties match the labels shown in the Management Portal (apart from spaces and capitalization). For reference, see “Manually Creating a Server Description.” The properties are as follows:
  4. Save the instance.
Creating a Client Configuration
A client configuration is an instance of OAuth2.Client. To create a client configuration:
  1. Switch to the %SYS namespace.
  2. Create an instance of OAuth2.Client.
  3. Set its properties. In most cases, the names of the properties match the labels shown in the Management Portal (apart from spaces and capitalization). For reference, see “Configuring and Dynamically Registering a Client.” The properties are as follows:
  4. If the authorization server supports dynamic client registration, call the RegisterClient() method of %SYS.OAuth2.Registration. This method is as follows:
    ClassMethod RegisterClient(applicationName As %String) As %Status
    Where applicationName is the name of the client application.
    This method registers the client, retrieves client metadata (including the client ID and client secret), and then updates the instance of OAuth2.Client.
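The two procedures above (server description, then client configuration with dynamic registration) carried through as an added ObjectScript example; this is not code from the InterSystems documentation. The issuer URL, TLS configuration name, redirect host and endpoint paths are placeholders, and property names not shown on this page (IssuerEndpoint, SSLConfiguration, AuthorizationEndpoint, TokenEndpoint, ServerDefinition, ClientType, RedirectionEndpoint) are assumed from the class reference.

```objectscript
/// Added example (not InterSystems code). Placeholders: issuer URL, TLS configuration
/// name, redirect host, endpoint paths. Property names not shown on this page are
/// assumed from the OAuth2.ServerDefinition and OAuth2.Client class reference.
Class Example.OAuth2.Setup
{

ClassMethod CreateClientItems(useDiscovery As %Boolean = 1) As %Status
{
    new $namespace
    set $namespace = "%SYS"                              // step 1 of both procedures
    set issuer = "https://auth.example.com/oauth2"       // placeholder issuer endpoint
    set sslConfig = "OAuth2.Client.TLS"                  // existing TLS configuration name (placeholder)
    set appName = "ExampleClient"

    // Server description
    if useDiscovery {
        // Endpoints and issuer keys come from the issuer's metadata, fetched over TLS.
        set sc = ##class(%SYS.OAuth2.Registration).Discover(issuer, sslConfig, .server)
        quit:$$$ISERR(sc) sc
    } else {
        // No discovery: fill the definition by hand (endpoint paths are placeholders).
        set server = ##class(OAuth2.ServerDefinition).%New()
        set server.IssuerEndpoint = issuer
        set server.SSLConfiguration = sslConfig
        set server.AuthorizationEndpoint = issuer_"/authorize"
        set server.TokenEndpoint = issuer_"/token"
    }
    set sc = server.%Save()
    quit:$$$ISERR(sc) sc

    // Client configuration linked to that server description
    set client = ##class(OAuth2.Client).%New()
    set client.ApplicationName = appName
    set client.ServerDefinition = server
    set client.ClientType = "confidential"               // secret stays on the server side
    set client.SSLConfiguration = sslConfig
    set client.RedirectionEndpoint.Host = "client.example.com"   // placeholder
    set client.RedirectionEndpoint.UseSSL = 1
    set sc = client.%Save()
    quit:$$$ISERR(sc) sc

    // Dynamic registration: the issuer assigns ClientId/ClientSecret and
    // RegisterClient() writes them back onto the saved OAuth2.Client instance.
    quit ##class(%SYS.OAuth2.Registration).RegisterClient(appName)
}

}
```

Every step checks the returned %Status, so a TLS or discovery failure stops the procedure instead of leaving a half-configured client behind.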
Creating the Server Configuration Items Programmatically
To programmatically create the configuration items for an OAuth 2.0 authorization server:
  1. Create the authorization server configuration. Note that you cannot define more than one authorization server configuration on any given Caché instance. Also, to create this configuration, you must be logged in as a user who has USE permission on the %Admin_Secure resource.
  2. Create the associated client descriptions.
Creating the Authorization Server Configuration
An authorization server configuration is an instance of OAuth2.Server.Configuration. To create an authorization server configuration:
  1. Switch to the %SYS namespace.
  2. Create an instance of OAuth2.Server.Configuration.
  3. Set its properties. In most cases, the names of the properties match the labels shown in the Management Portal (apart from spaces and capitalization). For reference, see “Configuring the Authorization Server.” The properties are as follows:
    For the allowed values of the signing, key management, and encryption algorithms, see the class reference for %OAuth2.JWT.
  4. Save the instance.
Note that Caché does not support having more than one instance of this class.
Also note that in order to save this instance, you must be logged in as a user who has USE permission on the %Admin_Secure resource.
Creating a Client Description
A client description is an instance of OAuth2.Server.Client. To create a client description:
  1. Switch to the %SYS namespace.
  2. Create an instance of OAuth2.Server.Client.
  3. Set its properties. In most cases, the names of the properties match the labels shown in the Management Portal (apart from spaces and capitalization). For reference, see “Creating a Client Description.” The properties are as follows:
  4. Save the instance.
    The system generates values for the ClientId and ClientSecret properties.