Ens.Util.OAuth2.Handler

class Ens.Util.OAuth2.Handler extends %Library.RegisteredObject

This class is used to obtain the Access Token for use in Interoperability adapters.
Subclass to implement custom callbacks.

Method Inventory

Methods

classmethod GetDefaultSessionIdForRunningHostItem() as %String
Method to generate a SessionId property for use in OAuth2.AccessToken instance.
The value is limited to 50 characters and cannot contain || because it is used in a combined index, so any | is replaced with :
classmethod OnGetAccessToken(pCallerInstance As %RegisteredObject = "", pOAuth2GrantType As %String, pOAuth2ApplicationName As %String = "", pOAuth2SessionId As %String, pOAuth2Resource As %String, ByRef pOAuth2Scope As %String, ByRef pOAuth2AuthProperties As %String, ByRef pGrantTypeSpecific As %DynamicObject, Output pOAuth2IsAuthorized As %Boolean = 0, Output pOAuth2AccessToken As %String = "", Output pOAuth2HostShouldRetry As %Boolean = 0) as %Status
Method to invoke %SYS.OAuth2.AccessToken IsAuthorized().
If authorization fails, calls a method whose name is generated from pOAuth2GrantType:
OnNotAuthorizedGrantAuthCode()
OnNotAuthorizedGrantClientCredentials()
OnNotAuthorizedGrantJWTAuth()
Parameters:
pCallerInstance - Optional instance of the caller. Code must guard against it not being an object of the expected type.
pOAuth2GrantType - Grant type flow requested (AuthCode, ClientCredentials or JWTAuth)
pOAuth2ApplicationName - OAuth2 Client Configuration Application name
pOAuth2SessionId - OAuth2 session Id (different from the Interoperability Message Session Id), which is combined with the OAuth2 Application name to identify the Access Token source.
pOAuth2Resource - Free form string indicating resource the caller wants to access.
pOAuth2Scope - Scope required. If not specified, uses the default given in the OAuth2 Client Configuration.
pOAuth2AuthProperties - Properties to be set when requesting authorization.
pOAuth2AuthProperties may not be defined, it may be an empty string, it may be comma-delimited key=value pairs, or it may already be an array with (key)=value.
pGrantTypeSpecific - Dynamic Object containing optional Grant Type specific values for example pGrantTypeSpecific.JWTAuth.Subject.
pOAuth2IsAuthorized - Output indicating if already authorised.
pOAuth2AccessToken - Output of Access Token if authorized.
pOAuth2HostShouldRetry - Output boolean that can be used by caller to indicate message ought to be retried if waiting on authorization. Expected to be used by Business Operations.
classmethod OnNotAuthorizedGrantAuthCode(pCallerInstance As %RegisteredObject, pOAuth2ApplicationName As %String, pOAuth2SessionId As %String, pOAuth2Resource As %String, ByRef pOAuth2Scope As %String, ByRef pOAuth2AuthPropertiesArray, ByRef pGrantTypeSpecific As %DynamicObject) as %Status
This method will generate a Workflow Request, if one is not already outstanding, to request the manual authorization using the URL generated from %SYS.OAuth2.Authorization GetAuthorizationCodeEndpoint()
Parameters as per subset of OnGetAccessToken() with the exception of pGrantTypeSpecific which is dynamic object with data applicable to specific grant types. Default Handler is currently only passing in JWT Subject in pGrantTypeSpecific.
classmethod OnNotAuthorizedGrantClientCredentials(pCallerInstance As %RegisteredObject, pOAuth2ApplicationName As %String, pOAuth2SessionId As %String, pOAuth2Resource As %String, ByRef pOAuth2Scope As %String, ByRef pOAuth2AuthPropertiesArray, ByRef pGrantTypeSpecific As %DynamicObject) as %Status
This calls %SYS.OAuth2.Authorization GetAccessTokenClient()
Parameters as per subset of OnGetAccessToken()
classmethod OnNotAuthorizedGrantJWTAuth(pCallerInstance As %RegisteredObject, pOAuth2ApplicationName As %String, pOAuth2SessionId As %String, pOAuth2Resource As %String, ByRef pOAuth2Scope As %String, ByRef pOAuth2AuthPropertiesArray, ByRef pGrantTypeSpecific As %DynamicObject) as %Status
This calls %SYS.OAuth2.Authorization GetAccessTokenJWT()
Parameters as per subset of OnGetAccessToken() with the exception of pGrantTypeSpecific which is dynamic object with data applicable to specific grant types. Default Handler is currently only passing in JWT Subject in pGrantTypeSpecific.
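
The four shapes that pOAuth2AuthProperties can take in OnGetAccessToken(), handled in one place. This is an added example, not InterSystems code and not how the default handler does it: the class name MyApp.OAuth2.Handler, the method NormalizeAuthProperties and the choice to reject malformed pairs are assumptions made for illustration.

```objectscript
/// Added example. MyApp.OAuth2.Handler and NormalizeAuthProperties are hypothetical names.
Class MyApp.OAuth2.Handler Extends Ens.Util.OAuth2.Handler
{

/// Copy pProps, in any of the four documented shapes, into pArray(key)=value.
/// A custom OnGetAccessToken() override could call this before using the properties.
ClassMethod NormalizeAuthProperties(ByRef pProps, Output pArray) As %Status
{
    Kill pArray
    Set tState = $Data(pProps)

    // Shape 1: not defined. Nothing to copy.
    If tState = 0 { Return $$$OK }

    // Shape 4: already an array. Copy the first-level (key)=value nodes only.
    If tState >= 10 {
        Set tKey = $Order(pProps(""))
        While tKey '= "" {
            Set pArray(tKey) = $Get(pProps(tKey))
            Set tKey = $Order(pProps(tKey))
        }
        Return $$$OK
    }

    // Shapes 2 and 3: empty string, or comma-delimited key=value pairs.
    For i = 1:1:$Length(pProps, ",") {
        Set tPair = $ZStrip($Piece(pProps, ",", i), "<>W")
        Continue:tPair=""
        Set tKey = $ZStrip($Piece(tPair, "=", 1), "<>W")
        // Reject "=value" or a bare word rather than guessing what was meant.
        // The message reports the position only, so a property value never reaches a log.
        If (tKey = "") || (tPair '[ "=") {
            Return $$$ERROR($$$GeneralError, "Malformed OAuth2 auth property at position "_i)
        }
        // Keep everything after the first "=" so values containing "=" survive.
        Set pArray(tKey) = $Piece(tPair, "=", 2, *)
    }
    Return $$$OK
}

}
```

A value that itself contains a comma cannot be expressed in the comma-delimited string form; pass such properties as an array instead.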

Inherited Members

Inherited Methods