persistent class OAuth2.AccessToken extends %Library.Persistent

SQL Table Name: OAuth2.AccessToken

OAuth2.AccessToken stores an OAuth 2.0 access token and its related information.
OAuth2.AccessToken is indexed by the combination of SessionId and ApplicationName. Therefore, only one scope may be requested for each SessionId/ApplicationName. If a second request is made with a different scope and access token has yet been granted, the scope in the new request becomes the expected scope.

Property Inventory

Method Inventory


property AccessToken as %String (COLLATION = "EXACT");
The access token
Property methods: AccessTokenDisplayToLogical(), AccessTokenGet(), AccessTokenGetStored(), AccessTokenIsValid(), AccessTokenLogicalToDisplay(), AccessTokenLogicalToOdbc(), AccessTokenNormalize(), AccessTokenSet()
property ApplicationName as %String (COLLATION = "EXACT", MAXLEN = 64, MINLEN = 1) [ Required ];
This access token is linked to this client application.
Property methods: ApplicationNameDisplayToLogical(), ApplicationNameGet(), ApplicationNameGetStored(), ApplicationNameIsValid(), ApplicationNameLogicalToDisplay(), ApplicationNameLogicalToOdbc(), ApplicationNameNormalize(), ApplicationNameSet()
property CodeVerifier as %String);
Code verifier sent with authorization requests when using the authorization_code grant type. This is in accordance with PKCE (RFC7636).
Property methods: CodeVerifierDisplayToLogical(), CodeVerifierGet(), CodeVerifierGetStored(), CodeVerifierIsValid(), CodeVerifierLogicalToDisplay(), CodeVerifierLogicalToOdbc(), CodeVerifierNormalize(), CodeVerifierSet()
property Error as %OAuth2.Error;
Error object for error during authorization
Property methods: ErrorGet(), ErrorGetObject(), ErrorGetObjectId(), ErrorGetStored(), ErrorGetSwizzled(), ErrorIsEmpty(), ErrorIsValid(), ErrorNewObject(), ErrorSet(), ErrorSetObject(), ErrorSetObjectId(), ErrorUnSwizzle()
property Expires as %Integer;
The time when the token expires in seconds since December 31st, 1840 (i.e. since beginning of $h)
Property methods: ExpiresDisplayToLogical(), ExpiresGet(), ExpiresGetStored(), ExpiresIsValid(), ExpiresLogicalToDisplay(), ExpiresNormalize(), ExpiresSet()
property GrantType as %String (VALUELIST = ",A,I,P,C,J");
GrantType is the grant type that was used to create this access token: - "A" - Authorization Code - "I" - Implicit - "P" - Resource Owner Password Credentials - "C" - Client Credentials - "J" - JWT Authorization
Property methods: GrantTypeDisplayToLogical(), GrantTypeGet(), GrantTypeGetStored(), GrantTypeIsValid(), GrantTypeLogicalToDisplay(), GrantTypeLogicalToOdbc(), GrantTypeNormalize(), GrantTypeSet()
property Hash as %String (COLLATION = "EXACT", MAXLEN = 64);
SHA512 hash of the AccessToken to be used for indexing
Property methods: HashDisplayToLogical(), HashGet(), HashGetStored(), HashIsValid(), HashLogicalToDisplay(), HashLogicalToOdbc(), HashNormalize(), HashSet()
property IDHash as %String (COLLATION = "EXACT", MAXLEN = 64);
SHA512 hash of the IDToken to be used for indexing
Property methods: IDHashDisplayToLogical(), IDHashGet(), IDHashGetStored(), IDHashIsValid(), IDHashLogicalToDisplay(), IDHashLogicalToOdbc(), IDHashNormalize(), IDHashSet()
property IDToken as %String (COLLATION = "EXACT");
The IDToken
Property methods: IDTokenDisplayToLogical(), IDTokenGet(), IDTokenGetStored(), IDTokenIsValid(), IDTokenLogicalToDisplay(), IDTokenLogicalToOdbc(), IDTokenNormalize(), IDTokenSet()
property Nonce as %String;
Nonce for OpenID Connect request. This nonce must be included in the IDToken.
Property methods: NonceDisplayToLogical(), NonceGet(), NonceGetStored(), NonceIsValid(), NonceLogicalToDisplay(), NonceLogicalToOdbc(), NonceNormalize(), NonceSet()
property RefreshToken as %String);
The refresh token that is returned by the authorization server or "".
Property methods: RefreshTokenDisplayToLogical(), RefreshTokenGet(), RefreshTokenGetStored(), RefreshTokenIsValid(), RefreshTokenLogicalToDisplay(), RefreshTokenLogicalToOdbc(), RefreshTokenNormalize(), RefreshTokenSet()
property ResponseMode as %String;
The response_mode of the access token request: query or fragment
Property methods: ResponseModeDisplayToLogical(), ResponseModeGet(), ResponseModeGetStored(), ResponseModeIsValid(), ResponseModeLogicalToDisplay(), ResponseModeLogicalToOdbc(), ResponseModeNormalize(), ResponseModeSet()
property ResponseProperties as array of %String (MAXLEN = 8192);
ResponseProperties contains the response properties from the access token request where the key is the property name and the value is the property value.
Property methods: ResponsePropertiesBuildValueArray(), ResponsePropertiesCollectionToDisplay(), ResponsePropertiesCollectionToOdbc(), ResponsePropertiesDisplayToCollection(), ResponsePropertiesDisplayToLogical(), ResponsePropertiesGet(), ResponsePropertiesGetObject(), ResponsePropertiesGetObjectId(), ResponsePropertiesGetStored(), ResponsePropertiesGetSwizzled(), ResponsePropertiesIsValid(), ResponsePropertiesLogicalToDisplay(), ResponsePropertiesLogicalToOdbc(), ResponsePropertiesNormalize(), ResponsePropertiesOdbcToCollection(), ResponsePropertiesSet(), ResponsePropertiesSetObject(), ResponsePropertiesSetObjectId()
property ResponseType as %String;
The response_type of the access token request
Property methods: ResponseTypeDisplayToLogical(), ResponseTypeGet(), ResponseTypeGetStored(), ResponseTypeIsValid(), ResponseTypeLogicalToDisplay(), ResponseTypeLogicalToOdbc(), ResponseTypeNormalize(), ResponseTypeSet()
property Scope as %String (MAXLEN = 1024);
Blank separated list of scope names which this token supports
Property methods: ScopeDisplayToLogical(), ScopeGet(), ScopeGetStored(), ScopeIsValid(), ScopeLogicalToDisplay(), ScopeLogicalToOdbc(), ScopeNormalize(), ScopeSet()
property SessionId as %String (COLLATION = "EXACT") [ Required ];
This access token is linked to the session whose id is here.
Property methods: SessionIdDisplayToLogical(), SessionIdGet(), SessionIdGetStored(), SessionIdIsValid(), SessionIdLogicalToDisplay(), SessionIdLogicalToOdbc(), SessionIdNormalize(), SessionIdSet()
property State as %String (COLLATION = "EXACT", MAXLEN = 1024);
The base64 encoded random state associated with request to Authorization Server.
Property methods: StateDisplayToLogical(), StateGet(), StateGetStored(), StateIsValid(), StateLogicalToDisplay(), StateLogicalToOdbc(), StateNormalize(), StateSet()
property TemporarySession as %Boolean [ InitialExpression = 0 ];
If TemporarySession is true, then this access token object was created for a temproary session by %OAuth2.Login. This object should not be deleted by the end session event handler.
Property methods: TemporarySessionDisplayToLogical(), TemporarySessionGet(), TemporarySessionGetStored(), TemporarySessionIsValid(), TemporarySessionLogicalToDisplay(), TemporarySessionNormalize(), TemporarySessionSet()
property TokenType as %String;
The token type that is returned from the authorization server.
Property methods: TokenTypeDisplayToLogical(), TokenTypeGet(), TokenTypeGetStored(), TokenTypeIsValid(), TokenTypeLogicalToDisplay(), TokenTypeLogicalToOdbc(), TokenTypeNormalize(), TokenTypeSet()


method ClearError() [ Language = objectscript ]
Clear the error.
method IsError() as %Boolean [ Language = objectscript ]
Return if an error been set.
method IsExpired() as %Boolean [ Language = objectscript ]
Check if this token is expired
method IsOpenID() as %Boolean [ Language = objectscript ]
Is this an OpenID authorization request? Find out by looking for openid scope.
classmethod Open(accessToken As %String, Output sc As %Status) as OAuth2.AccessToken [ Language = objectscript ]
Open an OAuth2.AccessToken instance based on the AccessToken property
classmethod OpenByIDToken(IDToken As %String, Output sc As %Status) as OAuth2.AccessToken [ Language = objectscript ]
Open an OAuth2.AccessToken instance based on the IDToken property
classmethod OpenForSession(applicationName As %String, sessionId As %String, Output sc As %Status) as OAuth2.AccessToken [ Language = objectscript ]
Open an OAuth2.AccessToken instance based on the session and client application that it is linked to.
method Remove() as %Status [ Language = objectscript ]
Remove this token from the client
method SetError(error As %OAuth2.Error) [ Language = objectscript ]
Set the error.


index (IDKEY on ) [IdKey, Type = key];
Index methods: IDKEYCheck(), IDKEYDelete(), IDKEYExists(), IDKEYOpen(), IDKEYSQLCheckUnique(), IDKEYSQLExists(), IDKEYSQLFindPKeyByConstraint(), IDKEYSQLFindRowIDByConstraint()

Inherited Members

Inherited Methods


Storage Model: Storage (OAuth2.AccessToken)


Storage Model: Storage (OAuth2.AccessToken)