InterSystems IRIS Data Platform 2019.2  /  Using OAuth 2.0 and OpenID Connect

Using OAuth 2.0 and OpenID Connect
Implementing DirectLogin()

When you use InterSystems IRIS as an OAuth 2.0 authorization server, normally you implement the DisplayLogin() method of the Authenticate class, which displays a page where the user enters a username and password and logs in. If you instead want the server to authenticate without displaying a login form and without using the current session, then implement the DirectLogin() method of the Authenticate class. The following flowchart shows how an InterSystems IRIS authorization server identifies the user, when processing a request for an access token:
By default, the GetUser() method gets the username that was entered in the previous login.
Note that DisplayPermissions() is not called if you implement DirectLogin(), because DirectLogin() takes responsibility for displaying permissions.
The DirectLogin() method has the following signature:
ClassMethod DirectLogin(scope As %ArrayOfDataTypes, 
                        properties As %OAuth2.Server.Properties, 
                        Output username As %String, 
                        Output password As %String) As %Status
In your implementation, use your own logic to set the username and password arguments. To do so, use the scope and properties arguments as needed. To deny access, your method can set the username argument to $char(0). In this case, the authorization server will return the access_denied error.
The method can also set properties of the properties object; this object is available in later processing.
The method must return a %Status.
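The following deny-by-default implementation is an added example, not InterSystems code. The class name, the scope allow-list, and the MyApp.Secrets helper are hypothetical, and the use of the scope array keys, RequestProperties, and CustomProperties is an assumption about the server classes.

```objectscript
/// Added example (not InterSystems code). The class name, the scope allow-list
/// and MyApp.Secrets are hypothetical.
Class MyApp.OAuth.Authenticate Extends %OAuth2.Server.Authenticate
{

/// Scopes this non-interactive login may grant (constructed values).
Parameter ALLOWEDSCOPES = ",openid,reports.read,";

ClassMethod DirectLogin(scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output username As %String, Output password As %String) As %Status
{
    // Deny by default: $char(0) makes the server return access_denied.
    Set username = $char(0), password = ""
    Set sc = $$$OK
    Try {
        // No login form or permissions page is shown, so refuse an empty
        // request and any scope outside the allow-list.
        // Assumption: the array keys are the requested scope names.
        If scope.Count() = 0 { Return $$$OK }
        Set key = ""
        For {
            Set key = scope.Next(key)
            Quit:key=""
            If ..#ALLOWEDSCOPES '[ (","_key_",") { Return $$$OK }
        }

        // Assumption: RequestProperties holds the request parameters.
        Set clientId = properties.RequestProperties.GetAt("client_id")
        If clientId = "" { Return $$$OK }

        // Hypothetical helper: fetches the account mapped to this client
        // from the site's secret store. Never hard-code credentials here.
        Set sc = ##class(MyApp.Secrets).Fetch(clientId, .user, .pass)
        If $$$ISERR(sc) || ($get(user) = "") { Return sc }

        // Record how the user was identified for later processing.
        Do properties.CustomProperties.SetAt("direct", "login_method")
        Set username = user, password = $get(pass)
    } Catch ex {
        // Any failure leaves username = $char(0), so access stays denied.
        Set username = $char(0), password = ""
        Set sc = ex.AsStatus()
    }
    Return sc
}

}
```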

Copyright © 1997-2019 InterSystems Corporation, Cambridge, MA
Content Date/Time: 2019-09-18 06:45:48