OAuth2.ResourceServer
persistent class OAuth2.ResourceServer extends %Library.Persistent, %XML.Adaptor
SQL Table Name: OAuth2.ResourceServer
OAuth2.ResourceServer defines an OAuth2 Resource Server as described in RFC 6749. A Resource Server's primary responsibility is to receive incoming access tokens, validate them and determine access based on the context.
Property Inventory
- AccessTokenIsJWT
- AlwaysCallIntrospection
- Audiences
- Authenticator
- ClientId
- ClientSecret
- Description
- Enabled
- IntrospectionAuthMethod
- Name
- ScopeRequiredToConnect
- ServerDefinition
- UseOIDC
Method Inventory
- AuthenticatorGet()
- AuthenticatorSet()
- Create()
- Delete()
- Exists()
- Export()
- Import()
- IssuerEndpointGet()
- Modify()
Parameters
parameter RESOURCEREQUIRED;
parameter VERSION = 1;
Properties
property AccessTokenIsJWT as %Boolean [ InitialExpression = 1 ];
If true, the access token is expected to be a JWT.
Property methods: AccessTokenIsJWTDisplayToLogical(), AccessTokenIsJWTGet(), AccessTokenIsJWTGetStored(), AccessTokenIsJWTIsValid(), AccessTokenIsJWTLogicalToDisplay(), AccessTokenIsJWTLogicalToXSD(), AccessTokenIsJWTNormalize(), AccessTokenIsJWTSet(), AccessTokenIsJWTXSDToLogical()
property AlwaysCallIntrospection as %Boolean [ InitialExpression = 0 ];
If true and AccessTokenIsJWT, then we will call the introspection endpoint
after validating the token. This is useful if it is necessary to determine if the token has been revoked,
or if the claims have changed since the token was first issued.
Property methods: AlwaysCallIntrospectionDisplayToLogical(), AlwaysCallIntrospectionGet(), AlwaysCallIntrospectionGetStored(), AlwaysCallIntrospectionIsValid(), AlwaysCallIntrospectionLogicalToDisplay(), AlwaysCallIntrospectionLogicalToXSD(), AlwaysCallIntrospectionNormalize(), AlwaysCallIntrospectionSet(), AlwaysCallIntrospectionXSDToLogical()
property Audiences as %List [ Required ];
A list of valid audiences. The aud claim must match one of the values in this list.
Property methods: AudiencesGet(), AudiencesGetStored(), AudiencesIsValid(), AudiencesLogicalToOdbc(), AudiencesLogicalToXSD(), AudiencesOdbcToLogical(), AudiencesSet(), AudiencesXSDToLogical()
property Authenticator as %OAuth2.ResourceServer.Authenticator (XMLPROJECTION = "NONE") [ Transient ];
Implementation class used to determine the username and role mapping from the token claims.
By default this will be an instance of %OAuth2.ResourceServer.SimpleAuthenticator.
Property methods: AuthenticatorGet(), AuthenticatorGetSwizzled(), AuthenticatorIsValid(), AuthenticatorNewObject()
property ClientId as %String;
If configured, this value will be used to authenticate to the Authorization Server when calling the introspection endpoint.
Property methods: ClientIdDisplayToLogical(), ClientIdGet(), ClientIdGetStored(), ClientIdIsValid(), ClientIdLogicalToDisplay(), ClientIdLogicalToOdbc(), ClientIdNormalize(), ClientIdSet()
property ClientSecret as %String;
If configured, this value will be used to authenticate to the Authorization Server when calling the introspection endpoint.
Property methods: ClientSecretDisplayToLogical(), ClientSecretGet(), ClientSecretGetStored(), ClientSecretIsValid(), ClientSecretLogicalToDisplay(), ClientSecretLogicalToOdbc(), ClientSecretNormalize(), ClientSecretSet()
property Description as %String (MAXLEN = 256);
Description of the application.
Property methods: DescriptionDisplayToLogical(), DescriptionGet(), DescriptionGetStored(), DescriptionIsValid(), DescriptionLogicalToDisplay(), DescriptionLogicalToOdbc(), DescriptionNormalize(), DescriptionSet()
property Enabled as %Boolean [ InitialExpression = 1 , Required ];
True if this configuration is enabled.
Property methods: EnabledDisplayToLogical(), EnabledGet(), EnabledGetStored(), EnabledIsValid(), EnabledLogicalToDisplay(), EnabledLogicalToXSD(), EnabledNormalize(), EnabledSet(), EnabledXSDToLogical()
property IntrospectionAuthMethod as %String (VALUELIST = ",client_secret_post,client_secret_basic,none") [ InitialExpression = "none" ];
This value specifies how to authenticate to the Authorization Server when calling the introspection endpoint. Valid values are:
- "client_secret_post"
- "client_secret_basic"
- "none"
The ClientId and ClientSecret properties specify the values to use.
This value is not relevant if the introspection endpoint is not used.
Property methods: IntrospectionAuthMethodDisplayToLogical(), IntrospectionAuthMethodGet(), IntrospectionAuthMethodGetStored(), IntrospectionAuthMethodIsValid(), IntrospectionAuthMethodLogicalToDisplay(), IntrospectionAuthMethodLogicalToOdbc(), IntrospectionAuthMethodNormalize(), IntrospectionAuthMethodSet()
property Name as %String (MAXLEN = 128, MINLEN = 1) [ Required ];
The name of this Resource Server configuration.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property ScopeRequiredToConnect as %String (MAXLEN = 256);
If specified, this scope must be included in the Access token claims.
Property methods: ScopeRequiredToConnectDisplayToLogical(), ScopeRequiredToConnectGet(), ScopeRequiredToConnectGetStored(), ScopeRequiredToConnectIsValid(), ScopeRequiredToConnectLogicalToDisplay(), ScopeRequiredToConnectLogicalToOdbc(), ScopeRequiredToConnectNormalize(), ScopeRequiredToConnectSet()
property ServerDefinition as OAuth2.ServerDefinition (XMLPROJECTION = "None") [ Required ];
The server definition to use for token validation
Property methods: ServerDefinitionGet(), ServerDefinitionGetObject(), ServerDefinitionGetObjectId(), ServerDefinitionGetStored(), ServerDefinitionGetSwizzled(), ServerDefinitionIsValid(), ServerDefinitionNewObject(), ServerDefinitionSet(), ServerDefinitionSetObject(), ServerDefinitionSetObjectId(), ServerDefinitionUnSwizzle()
property UseOIDC as %Boolean [ InitialExpression = 0 ];
If true and the "openid" scope is included in the access token, then we will call the userinfo endpoint.
Property methods: UseOIDCDisplayToLogical(), UseOIDCGet(), UseOIDCGetStored(), UseOIDCIsValid(), UseOIDCLogicalToDisplay(), UseOIDCLogicalToXSD(), UseOIDCNormalize(), UseOIDCSet(), UseOIDCXSDToLogical()
Methods
method AuthenticatorGet() as %OAuth2.ResourceServer.Authenticator
Create()
Create an OAuth2 Resource Server
Name - OAuth2 Resource Server's unique name
Properties - Array of properties corresponding to the class properties
Invalid properties will return an error
classmethod Delete(Name As %String)
Delete an OAuth2 Resource Server
Name - OAuth2 Resource Server's unique name
This method does not return an error if the resource server does not exist.
classmethod Exists(Name As %String, Output ResourceServer As %ObjectHandle, Output Status As %Status) as %Boolean
This method checks for the existence of an OAuth2 Resource Server.
Parameters:
Name - Name of the OAuth2.ResourceServer whose existence is checked
Return values:
If the method returns 0 (Resource Server does not exist, or some error occurred):
ResourceServer = Null
Status = Resource Server does not exist, or other error message
If the method returns 1 (Resource Server exists):
ResourceServer = Object handle to the ResourceServer
Status = $$$OK
classmethod Export(FileName As %String = "OAuth2ResourceExport.xml", Servers As %String = "*", Output NumExported As %Integer) as %Status
This method exports OAuth2 Resource Servers to a file in xml format. Associated OAuth2.ResourceServer.Mapping objects are also exported.
Parameters:
Filename - Output file name
Servers - Comma separated list of names of resource servers to export, "*" = All.
NumExported (byref) - Returns number of records exported.
classmethod Import(FileName As %String = "OAuth2ResourceExport.xml", Output NumImported As %Integer, Flags As %Integer = 0) as %Status
Import OAuth2 Resource Servers from an XML file.
Parameters:
FileName - Filename to import OAuth2 Resource Servers
NumImported (byref) - Returns number of OAuth2 Resource Servers imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
method IssuerEndpointGet() as %Status
Modify()
Modify an OAuth2 Resource Server
Name - OAuth2 Resource Server's unique name
Properties - Array of properties corresponding to the class properties
Invalid properties will return an error
Queries
query List()
SQL Query:
SELECT Name, ServerDefinition->IssuerEndpoint As ServerDefinition FROM ResourceServer ORDER BY Name
Indexes
index (IDIndex on Name) [IdKey, Type = key, Unique];
The IDKEY for the application class.
Index methods: IDIndexCheck(), IDIndexDelete(), IDIndexExists(), IDIndexOpen(), IDIndexSQLCheckUnique(), IDIndexSQLExists(), IDIndexSQLFindPKeyByConstraint(), IDIndexSQLFindRowIDByConstraint()
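The properties above together express the validation policy a Resource Server applies to each access token: the aud claim must match an Audiences entry, ScopeRequiredToConnect must be present, and a locally validated JWT is only checked for revocation when AlwaysCallIntrospection is also set. The following ObjectScript class is an added example, not part of the InterSystems class reference: it walks every configuration in the namespace using the List query and Exists() documented on this page and reports settings that weaken that policy. The class name Demo.OAuth2Audit and the method name AuditResourceServers are hypothetical.

```objectscript
/// Added example (not part of the InterSystems class reference).
/// Audits every OAuth2.ResourceServer configuration in the current namespace
/// and writes findings that weaken access-token validation to the current device.
/// Uses only the List() class query, Exists() and the documented properties.
Class Demo.OAuth2Audit
{

/// Returns a %Status; findings are written to the current device.
ClassMethod AuditResourceServers() As %Status
{
    Set sc = $$$OK
    // List() returns Name plus the IssuerEndpoint of the linked ServerDefinition
    Set rs = ##class(%ResultSet).%New("OAuth2.ResourceServer:List")
    Set sc = rs.Execute()
    If $$$ISERR(sc) Quit sc
    While rs.Next() {
        Set name = rs.Get("Name")
        // Exists() returns 1 and an object handle when the configuration is present
        If '##class(OAuth2.ResourceServer).Exists(name, .server, .sc) {
            Write !, name, ": cannot open (", $System.Status.GetErrorText(sc), ")"
            Continue
        }
        Write !, name, " (issuer ", rs.Get("ServerDefinition"), ")"
        If 'server.Enabled {
            Write !, "  - disabled; no further checks"
            Continue
        }
        // Without a required scope, any token issued for a valid audience grants access
        If server.ScopeRequiredToConnect = "" {
            Write !, "  - ScopeRequiredToConnect not set"
        }
        // A JWT validated locally is never checked against the Authorization Server
        // for revocation unless the introspection endpoint is also called
        If server.AccessTokenIsJWT && 'server.AlwaysCallIntrospection {
            Write !, "  - JWT validated locally only; revocation not detected (AlwaysCallIntrospection = 0)"
        }
        // Introspection is used for opaque tokens or when AlwaysCallIntrospection is on
        If ('server.AccessTokenIsJWT || server.AlwaysCallIntrospection) {
            If server.IntrospectionAuthMethod = "none" {
                Write !, "  - introspection calls are unauthenticated (IntrospectionAuthMethod = none)"
            }
            If (server.IntrospectionAuthMethod '= "none") && ((server.ClientId = "") || (server.ClientSecret = "")) {
                Write !, "  - IntrospectionAuthMethod requires ClientId and ClientSecret"
            }
        }
    }
    Quit sc
}

}
```

Run it from a terminal in the namespace that holds the configurations with `Do ##class(Demo.OAuth2Audit).AuditResourceServers()`. The checks are deliberately conservative: a configuration with AccessTokenIsJWT = 1 and AlwaysCallIntrospection = 0 is valid and fast, but it will keep accepting a token the Authorization Server has revoked until that token expires, which is exactly the trade-off the AlwaysCallIntrospection description above points at.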
Inherited Members
Inherited Methods
- %%CLASSNAMELogicalToStorage()
- %%CLASSNAMEStorageToLogical()
- %AddToSaveSet()
- %AddToSyncSet()
- %BMEBuilt()
- %BuildIndicesAsync()
- %BuildIndicesAsyncResponse()
- %CheckConstraints()
- %CheckConstraintsForExtent()
- %ClassIsLatestVersion()
- %ClassName()
- %ComposeOid()
- %ConstructClone()
- %Delete()
- %DeleteExtent()
- %DeleteId()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Exists()
- %ExistsId()
- %Extends()
- %GUID()
- %GUIDSet()
- %GetLock()
- %GetParameter()
- %GetSwizzleObject()
- %Id()
- %InsertBatch()
- %IsA()
- %IsModified()
- %IsNull()
- %KillExtent()
- %KillExtentData()
- %LoadFromMemory()
- %LockExtent()
- %LockId()
- %New()
- %NormalizeObject()
- %ObjectIsNull()
- %ObjectModified()
- %Oid()
- %OnBeforeAddToSync()
- %OnDeleteFinally()
- %OnDetermineClass()
- %OnOpenFinally()
- %OnSaveFinally()
- %Open()
- %OpenId()
- %OriginalNamespace()
- %PackageName()
- %PhysicalAddress()
- %PurgeIndices()
- %Reload()
- %RemoveFromSaveSet()
- %ResolveConcurrencyConflict()
- %RollBack()
- %Save()
- %SaveDirect()
- %SaveIndices()
- %SerializeObject()
- %SetModified()
- %SortBegin()
- %SortEnd()
- %SyncObjectIn()
- %SyncTransport()
- %UnlockExtent()
- %UnlockId()
- %ValidateIndices()
- %ValidateObject()
- %ValidateTable()
- XMLDTD()
- XMLExport()
- XMLExportToStream()
- XMLExportToString()
- XMLNew()
- XMLSchema()
- XMLSchemaNamespace()
- XMLSchemaType()