Using OAuth 2.0 and OpenID Connect with Caché
How Caché Supports OAuth 2.0 and OpenID Connect

This chapter introduces Caché support for OAuth 2.0 and OpenID Connect.

Supported Scenarios
With Caché support for OAuth 2.0 and OpenID Connect, you can do any or all of the following:
For example, you can use a Caché web application as a client of an authorization server that uses third-party technology. Or you can use third-party clients with an authorization server that is built on Caché. The resource server or resource servers could be implemented in Caché or in a different technology.
In all cases, the authorization server is the most complex element and is generally created first. You create clients later. When you create a client, it is generally necessary to understand the capabilities and requirements of the authorization server, such as the scopes it supports.
Caché Support for OAuth 2.0 and OpenID Connect
The Caché support for OAuth 2.0 and OpenID Connect consists of the following elements:
The following subsections provide an overview of the configuration items.
Configuration Items on a Client
Within a Caché instance that is acting as an OAuth 2.0 client, it is necessary to define two connected configuration items for a given client application: a server description (which describes the authorization server) and a client configuration (which configures the client). A given Caché instance can have any number of server descriptions. Each server description has multiple client configurations, as shown in the following figure, which also indicates some of the information stored in these configuration items:
This architecture is intended to simplify configuration, because it enables you to define multiple client configurations that use the same authorization server without needing to repeat the details of the authorization server.
You can create these items via the Management Portal, as described in the chapter Using a Caché Web Application as an OAuth 2.0 Client. Or you can create them programmatically, as described in the appendix Creating Configuration Items Programmatically.
Configuration Items on the Server
Within a Caché instance that is acting as an OAuth 2.0 authorization server, it is necessary to define a server configuration (which configures the authorization server) and a number of client descriptions. The following figure indicates some of the information stored in these configuration items.
A given Caché instance can have at most one server configuration and can have many client descriptions. One client description is necessary for each client application. A client description is also necessary for each resource server that uses any endpoints of the authorization server. If a resource server does not use any endpoints of the authorization server, there is no need to create a client description for it.
You can create these items via the Management Portal, as described in the chapter Using Caché as an OAuth 2.0 Authorization Server. Or you can create them programmatically, as described in the appendix Creating Configuration Items Programmatically.
Standards Supported in Caché
This section lists the standards that Caché supports for OAuth 2.0 and OpenID Connect: