Skip to main content


class Ens.Util.OAuth2.Settings extends %Library.RegisteredObject

This class is used to add the necessary OAuth2 property settings to adapters/host items. Initial implementation is to allow EMail adapters to use SASL XOAUTH2

Property Inventory

Method Inventory


parameter DEFAULTOAUTH2CALLBACKHANDLER = Ens.Util.OAuth2.Handler;
Default OAuth2 Call Back Handler class.
parameter SETTINGS = OAuth2ApplicationName:OAuth2,OAuth2GrantType:OAuth2,OAuth2CallBackHandler:OAuth2,OAuth2Scope:OAuth2,OAuth2AuthProperties:OAuth2,OAuth2JWTSubject:OAuth2 Grant Specific,OAuth2AuthorizationWorkFlowRole:OAuth2;
Expose the properties by default.


property OAuth2ApplicationName as %String (MAXLEN = 128);
Optional - OAuth2 Client Configuration Application name to use.
If specified sub classes can use this as an indication that OAUTH2 is to be used and the name is used in the Authorization and Access Token retrieval process.
Property methods: OAuth2ApplicationNameDisplayToLogical(), OAuth2ApplicationNameGet(), OAuth2ApplicationNameIsValid(), OAuth2ApplicationNameLogicalToDisplay(), OAuth2ApplicationNameLogicalToOdbc(), OAuth2ApplicationNameNormalize(), OAuth2ApplicationNameSet()
property OAuth2AuthProperties as %String) [ InitialExpression = "access_type=offline" ];
Optional - extra properties to included in the grant flow authorization process.
Comma separated key value pairs such as access_type=offline,prompt=consent
Property methods: OAuth2AuthPropertiesDisplayToLogical(), OAuth2AuthPropertiesGet(), OAuth2AuthPropertiesIsValid(), OAuth2AuthPropertiesLogicalToDisplay(), OAuth2AuthPropertiesLogicalToOdbc(), OAuth2AuthPropertiesNormalize(), OAuth2AuthPropertiesSet()
property OAuth2AuthorizationWorkFlowRole as %String [ InitialExpression = $$$EnsWFRoleOAuth2Authorizers ];
Optional - This is the Workflow Role to which authorization requests will be sent depending on Grant Type flow
Property methods: OAuth2AuthorizationWorkFlowRoleDisplayToLogical(), OAuth2AuthorizationWorkFlowRoleGet(), OAuth2AuthorizationWorkFlowRoleIsValid(), OAuth2AuthorizationWorkFlowRoleLogicalToDisplay(), OAuth2AuthorizationWorkFlowRoleLogicalToOdbc(), OAuth2AuthorizationWorkFlowRoleNormalize(), OAuth2AuthorizationWorkFlowRoleSet()
property OAuth2CallBackHandler as %String (MAXLEN = 64) [ InitialExpression = ..#DEFAULTOAUTH2CALLBACKHANDLER ];
If OAuth2AppName is specified this class is used to handle obtaining the access token.
The default is Ens.Util.XOAuth2.Handler which can be subclassed for access token retrieval customization.
Property methods: OAuth2CallBackHandlerDisplayToLogical(), OAuth2CallBackHandlerGet(), OAuth2CallBackHandlerIsValid(), OAuth2CallBackHandlerLogicalToDisplay(), OAuth2CallBackHandlerLogicalToOdbc(), OAuth2CallBackHandlerNormalize()
property OAuth2GrantType as %String (DISPLAYLIST = ",Authorization Code,Client Credentials,JWT Authorization", VALUELIST = ",AuthCode,ClientCredentials,JWTAuth") [ InitialExpression = "AuthCode" ];
If using OAUTH2 this is the grant type flow that the OAuth2CallBackHandler will follow.
Ability to follow the grant flow type will depend on the OAuth2CallBackHandler as well as IRIS and the external OAuth2 server's support for the grant type flow.
Property methods: OAuth2GrantTypeDisplayToLogical(), OAuth2GrantTypeGet(), OAuth2GrantTypeIsValid(), OAuth2GrantTypeLogicalToDisplay(), OAuth2GrantTypeLogicalToOdbc(), OAuth2GrantTypeNormalize(), OAuth2GrantTypeSet()
property OAuth2GrantTypeSpecific as %DynamicObject;
Dynamic Object containing optional Grant Type specific values for example pGrantTypeSpecific.JWTAuth.Subject.
It is constructed from other properties. Currently OAuth2JWTSubject
Property methods: OAuth2GrantTypeSpecificGet(), OAuth2GrantTypeSpecificGetObject(), OAuth2GrantTypeSpecificGetObjectId(), OAuth2GrantTypeSpecificGetSwizzled(), OAuth2GrantTypeSpecificIsValid(), OAuth2GrantTypeSpecificNewObject(), OAuth2GrantTypeSpecificSet(), OAuth2GrantTypeSpecificSetObject(), OAuth2GrantTypeSpecificSetObjectId(), OAuth2GrantTypeSpecificUnSwizzle()
property OAuth2JWTSubject as %String (MAXLEN = 256);
Optional - This is the JWT Subject when using the JWT Authorization Grant Type flow
Property methods: OAuth2JWTSubjectDisplayToLogical(), OAuth2JWTSubjectGet(), OAuth2JWTSubjectIsValid(), OAuth2JWTSubjectLogicalToDisplay(), OAuth2JWTSubjectLogicalToOdbc(), OAuth2JWTSubjectNormalize(), OAuth2JWTSubjectSet()
property OAuth2Scope as %String (MAXLEN = 256);
Optional - Specify the scope to be included in the authorization request.
If not specified the default scope specified in the OAuth2 Client Configuration Application name.
Property methods: OAuth2ScopeDisplayToLogical(), OAuth2ScopeGet(), OAuth2ScopeIsValid(), OAuth2ScopeLogicalToDisplay(), OAuth2ScopeLogicalToOdbc(), OAuth2ScopeNormalize(), OAuth2ScopeSet()
property OAuth2SessionId as %String (MAXLEN = 50);
This is the OAuth2 session Id (different from Interoperability Message Session Id) which is combined with the OAuth2 Application name to identify the Access Token source.
The maximum length is 50 characters and if shared with other host items it is necessary to ensure the authorization is appropriate.
Any custom value cannot include ||
If none is specified the combination of namespace,production,config name is used to create an instance wide unique string.
Property methods: OAuth2SessionIdDisplayToLogical(), OAuth2SessionIdIsValid(), OAuth2SessionIdLogicalToDisplay(), OAuth2SessionIdLogicalToOdbc(), OAuth2SessionIdNormalize(), OAuth2SessionIdSet()


method OAuth2CallBackHandlerSet(tOAuth2CallBackHandler As %String) as %Status
Check that the OAuth2 Call Back Handler class extends the system default OAuth2 Call Back Handler class
method OAuth2GrantTypeSpecificGet() as %String
Construct Grant Type specific dynamic object.
method OAuth2SessionIdGet() as %String
Use the default if not set using the method GetDefaultSessionIdForRunningHostItem() in the OAuth2 Call Back Handler class.

Inherited Members

Inherited Methods


FeedbackOpens in a new tab