OAuth2.ResourceServer
persistent class OAuth2.ResourceServer extends %Library.Persistent
SQL Table Name: OAuth2.ResourceServer
OAuth2.ResourceServer defines an OAuth2 Resource Server as described in RFC 6749. A Resource Server's primary responsibility is to receive incoming access tokens, validate them and determine access based on the context.
Property Inventory
- AccessTokenIsJWT
- AlwaysCallIntrospection
- Audiences
- Authenticator
- ClientId
- ClientSecret
- Description
- Enabled
- IntrospectionAuthMethod
- Name
- ScopeRequiredToConnect
- ServerDefinition
- UseOIDC
Method Inventory
Parameters
parameter RESOURCEREQUIRED;
Properties
property AccessTokenIsJWT as %Boolean [ InitialExpression = 1 ];
If true, the access token is expected to be a JWT.
Property methods: AccessTokenIsJWTDisplayToLogical(), AccessTokenIsJWTGet(), AccessTokenIsJWTGetStored(), AccessTokenIsJWTIsValid(), AccessTokenIsJWTLogicalToDisplay(), AccessTokenIsJWTNormalize(), AccessTokenIsJWTSet()
property AlwaysCallIntrospection as %Boolean [ InitialExpression = 0 ];
If true and AccessTokenIsJWT is true, the introspection endpoint is called after the token has been validated. This is useful when it is necessary to determine whether the token has been revoked, or whether the claims have changed since the token was first issued.
Property methods: AlwaysCallIntrospectionDisplayToLogical(), AlwaysCallIntrospectionGet(), AlwaysCallIntrospectionGetStored(), AlwaysCallIntrospectionIsValid(), AlwaysCallIntrospectionLogicalToDisplay(), AlwaysCallIntrospectionNormalize(), AlwaysCallIntrospectionSet()
property Audiences as %List [ Required ];
A list of valid audiences. The aud claim must match one of the values in this list.
Property methods: AudiencesGet(), AudiencesGetStored(), AudiencesIsValid(), AudiencesLogicalToOdbc(), AudiencesOdbcToLogical(), AudiencesSet()
property Authenticator as %OAuth2.ResourceServer.Authenticator [ Transient ];
Implementation class used to determine the username and role mapping from the token claims.
By default this will be an instance of %OAuth2.ResourceServer.SimpleAuthenticator.
Property methods: AuthenticatorGet(), AuthenticatorGetSwizzled(), AuthenticatorIsValid(), AuthenticatorNewObject()
property ClientId as %String);
If configured, this value will be used to authenticate to the Authorization Server when calling the introspection endpoint.
Property methods: ClientIdDisplayToLogical(), ClientIdGet(), ClientIdGetStored(), ClientIdIsValid(), ClientIdLogicalToDisplay(), ClientIdLogicalToOdbc(), ClientIdNormalize(), ClientIdSet()
property ClientSecret as %String);
If configured, this value will be used to authenticate to the Authorization Server when calling the introspection endpoint.
Property methods: ClientSecretDisplayToLogical(), ClientSecretGet(), ClientSecretGetStored(), ClientSecretIsValid(), ClientSecretLogicalToDisplay(), ClientSecretLogicalToOdbc(), ClientSecretNormalize(), ClientSecretSet()
property Description as %String (MAXLEN = 256);
Description of the application.
Property methods: DescriptionDisplayToLogical(), DescriptionGet(), DescriptionGetStored(), DescriptionIsValid(), DescriptionLogicalToDisplay(), DescriptionLogicalToOdbc(), DescriptionNormalize(), DescriptionSet()
property Enabled as %Boolean [ InitialExpression = 1 , Required ];
True if this configuration is enabled.
Property methods: EnabledDisplayToLogical(), EnabledGet(), EnabledGetStored(), EnabledIsValid(), EnabledLogicalToDisplay(), EnabledNormalize(), EnabledSet()
property IntrospectionAuthMethod as %String (VALUELIST = ",client_secret_post,client_secret_basic,none") [ InitialExpression = "none" ];
This value specifies how to authenticate to the Authorization Server when calling the introspection endpoint. Valid values are:
- "client_secret_post"
- "client_secret_basic"
- "none"
The ClientId and ClientSecret properties specify the values to use.
This value is not relevant if the introspection endpoint is not used.
Property methods: IntrospectionAuthMethodDisplayToLogical(), IntrospectionAuthMethodGet(), IntrospectionAuthMethodGetStored(), IntrospectionAuthMethodIsValid(), IntrospectionAuthMethodLogicalToDisplay(), IntrospectionAuthMethodLogicalToOdbc(), IntrospectionAuthMethodNormalize(), IntrospectionAuthMethodSet()
property Name as %String (MAXLEN = 128, MINLEN = 1) [ Required ];
The name of this Resource Server configuration.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property ScopeRequiredToConnect as %String (MAXLEN = 256);
If specified, this scope must be included in the access token claims.
Property methods: ScopeRequiredToConnectDisplayToLogical(), ScopeRequiredToConnectGet(), ScopeRequiredToConnectGetStored(), ScopeRequiredToConnectIsValid(), ScopeRequiredToConnectLogicalToDisplay(), ScopeRequiredToConnectLogicalToOdbc(), ScopeRequiredToConnectNormalize(), ScopeRequiredToConnectSet()
property ServerDefinition as OAuth2.ServerDefinition [ Required ];
The server definition to use for token validation.
Property methods: ServerDefinitionGet(), ServerDefinitionGetObject(), ServerDefinitionGetObjectId(), ServerDefinitionGetStored(), ServerDefinitionGetSwizzled(), ServerDefinitionIsValid(), ServerDefinitionNewObject(), ServerDefinitionSet(), ServerDefinitionSetObject(), ServerDefinitionSetObjectId(), ServerDefinitionUnSwizzle()
property UseOIDC as %Boolean [ InitialExpression = 0 ];
If true and the "openid" scope is included in the access token, then we will call the userinfo endpoint.
Property methods: UseOIDCDisplayToLogical(), UseOIDCGet(), UseOIDCGetStored(), UseOIDCIsValid(), UseOIDCLogicalToDisplay(), UseOIDCNormalize(), UseOIDCSet()
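How the Audiences, ScopeRequiredToConnect, AlwaysCallIntrospection and UseOIDC properties above combine into one accept/reject decision, as an added Python sketch that is not InterSystems code. The class, function and field names, the `introspect` callback and the sample claims are assumptions, and the token's signature and expiry are taken as already verified.

```python
from dataclasses import dataclass

@dataclass
class ResourceServerConfig:
    # Fields mirror the properties documented on this page (names are hypothetical).
    audiences: list
    scope_required_to_connect: str = ""
    access_token_is_jwt: bool = True
    always_call_introspection: bool = False
    use_oidc: bool = False

def audiences_of(claims):
    # RFC 7519: "aud" is either a single string or an array of strings.
    aud = claims.get("aud")
    if aud is None:
        return set()
    return {aud} if isinstance(aud, str) else set(aud)

def scopes_of(claims):
    # RFC 6749: scope is a space-delimited string; compare whole tokens,
    # never substrings ("read" must not match "readwrite").
    scope = claims.get("scope", "")
    return set(scope.split()) if isinstance(scope, str) else set(scope)

def evaluate(cfg, claims, introspect=None):
    """Return (allowed, reason, call_userinfo) for already-verified JWT claims.

    `introspect` is a hypothetical callable returning the RFC 7662 response dict.
    """
    if not audiences_of(claims) & set(cfg.audiences):
        return (False, "aud not in Audiences", False)
    scopes = scopes_of(claims)
    required = cfg.scope_required_to_connect
    if required and required not in scopes:
        return (False, "required scope missing", False)
    if cfg.access_token_is_jwt and cfg.always_call_introspection:
        # A locally valid JWT can still be revoked; fail closed if we cannot ask.
        if introspect is None or not introspect().get("active", False):
            return (False, "token not active at introspection", False)
    return (True, "ok", cfg.use_oidc and "openid" in scopes)

# Constructed sample configuration and claims (not from the page).
CFG = ResourceServerConfig(["https://api.example.test"], "read",
                           always_call_introspection=True, use_oidc=True)
CLAIMS = {"aud": ["https://other.example.test", "https://api.example.test"],
          "scope": "openid read"}
```

With AlwaysCallIntrospection left at its initial value of 0, the third check is skipped and a revoked JWT is accepted until it expires.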
Methods
method AuthenticatorGet() as %OAuth2.ResourceServer.Authenticator
Queries
query List()
SQL Query:
SELECT Name, ServerDefinition->IssuerEndpoint As ServerDefinition FROM ResourceServer ORDER BY Name
Indexes
index (IDIndex on Name) [IdKey, Type = key, Unique];
The IDKEY for the application class.
Index methods: IDIndexCheck(), IDIndexDelete(), IDIndexExists(), IDIndexOpen(), IDIndexSQLCheckUnique(), IDIndexSQLExists(), IDIndexSQLFindPKeyByConstraint(), IDIndexSQLFindRowIDByConstraint()
Inherited Members
Inherited Methods
- %%CLASSNAMELogicalToStorage()
- %%CLASSNAMEStorageToLogical()
- %AddToSaveSet()
- %AddToSyncSet()
- %BMEBuilt()
- %BuildIndicesAsync()
- %BuildIndicesAsyncResponse()
- %CheckConstraints()
- %CheckConstraintsForExtent()
- %ClassIsLatestVersion()
- %ClassName()
- %ComposeOid()
- %ConstructClone()
- %Delete()
- %DeleteExtent()
- %DeleteId()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Exists()
- %ExistsId()
- %Extends()
- %GUID()
- %GUIDSet()
- %GetLock()
- %GetParameter()
- %GetSwizzleObject()
- %Id()
- %InsertBatch()
- %IsA()
- %IsModified()
- %IsNull()
- %KillExtent()
- %KillExtentData()
- %LoadFromMemory()
- %LockExtent()
- %LockId()
- %New()
- %NormalizeObject()
- %ObjectIsNull()
- %ObjectModified()
- %Oid()
- %OnBeforeAddToSync()
- %OnDeleteFinally()
- %OnDetermineClass()
- %OnOpenFinally()
- %OnSaveFinally()
- %Open()
- %OpenId()
- %OriginalNamespace()
- %PackageName()
- %PhysicalAddress()
- %PurgeIndices()
- %Reload()
- %RemoveFromSaveSet()
- %ResolveConcurrencyConflict()
- %RollBack()
- %Save()
- %SaveDirect()
- %SaveIndices()
- %SerializeObject()
- %SetModified()
- %SortBegin()
- %SortEnd()
- %SyncObjectIn()
- %SyncTransport()
- %UnlockExtent()
- %UnlockId()
- %ValidateIndices()
- %ValidateObject()
- %ValidateTable()