class %OAuth2.Server.Validate extends %Library.RegisteredObjectThe %OAuth2.Server.Validate class is the default ValidateUserClass which is included with the server. The default class will use the user database of the InterSystems IRIS instance where the authorization server is located to validate the user. The supported properties will be issuer (Issuer), roles and sub (Username).
The ValidateUserClass is specified in the Authorization Server Configuration. It must contain a ValidateUser method which will validate a username/password combination and return a set of properties associated with this user.
If not valid then false is returned.
This default ValidateClient accepts all clients and adds no properties.
The properties.CustomProperties array may be used to pass values between the DelegatedAuthentication method and this one.
If password="", then the user is already logged into an existing session and the password does not need to be validated.
In addition, this method receives the properties array and can further modify it; this correspond to the Properties property of %OAuth2.Server.Token. The authorization server will always add the "iss" (URL of authorization server), "sub" (client_id), and "exp" (expiration time in seconds since December 31st, 1840) to ClaimValues and "client_id" (client_id of the requesting client) to CusotmProperties after return from ValidateUser if they have not already been added.
This sample ValidateUser method validates the user based on the users for this instance. Set the use2fa output parameter to 1 (true) to indicate two factor authentication should be used. In this case the authenticate page will ask the user to enter a security code, which will be validated by Validate2FA().