Skip to main content


persistent class OAuth2.Server.Client extends %Library.Persistent

SQL Table Name: OAuth2_Server.Client

OAuth2.Server.Client is a persistent class which describes the clients which have registered with this authorization server. This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.

Property Inventory

Method Inventory


property ClientCredentials as %String;
ClientCredentials is the alias of the %SYS.X509Credentials object which contains the client's certificate.
Property methods: ClientCredentialsDisplayToLogical(), ClientCredentialsGet(), ClientCredentialsGetStored(), ClientCredentialsIsValid(), ClientCredentialsLogicalToDisplay(), ClientCredentialsLogicalToOdbc(), ClientCredentialsNormalize(), ClientCredentialsSet()
property ClientId as %String (MAXLEN = 1024, MINLEN = 1) [ Required ];
The unique id which we generate for this client.
Property methods: ClientIdDisplayToLogical(), ClientIdGet(), ClientIdGetStored(), ClientIdIsValid(), ClientIdLogicalToDisplay(), ClientIdLogicalToOdbc(), ClientIdNormalize(), ClientIdSet()
property ClientSecret as %String (MAXLEN = 1024);
ClientSecret is the secret which is used as a client password.
Property methods: ClientSecretDisplayToLogical(), ClientSecretGet(), ClientSecretGetStored(), ClientSecretIsValid(), ClientSecretLogicalToDisplay(), ClientSecretLogicalToOdbc(), ClientSecretNormalize(), ClientSecretSet()
property ClientType as %String (VALUELIST = ",public,confidential,resource") [ Required ];
The type of client configuration:
public - a public client. See RFC 6749 confidential - a confidential client. See RFC 6749 resource - a resource server which is not also a client.
Chosen by user during configuration. Will usually be confidential client for an InterSystems IRIS application.
Property methods: ClientTypeDisplayToLogical(), ClientTypeGet(), ClientTypeGetStored(), ClientTypeIsValid(), ClientTypeLogicalToDisplay(), ClientTypeLogicalToOdbc(), ClientTypeNormalize(), ClientTypeSet()
property DefaultScope as %String);
DefaultScope is a blank separated list containing the default for access token scope if scope is not specified in the access token request.
Property methods: DefaultScopeDisplayToLogical(), DefaultScopeGet(), DefaultScopeGetStored(), DefaultScopeIsValid(), DefaultScopeLogicalToDisplay(), DefaultScopeLogicalToOdbc(), DefaultScopeNormalize(), DefaultScopeSet()
property Description as %String (MAXLEN = 256);
Description of the client.
Chosen by user during configuration.
Property methods: DescriptionDisplayToLogical(), DescriptionGet(), DescriptionGetStored(), DescriptionIsValid(), DescriptionLogicalToDisplay(), DescriptionLogicalToOdbc(), DescriptionNormalize(), DescriptionSet()
property LaunchURL as %String);
LaunchURL is the URL used to launch this client. LaunchURL may be used in some circumstances to identify the client and as the value of the aud claim.
Property methods: LaunchURLDisplayToLogical(), LaunchURLGet(), LaunchURLGetStored(), LaunchURLIsValid(), LaunchURLLogicalToDisplay(), LaunchURLLogicalToOdbc(), LaunchURLNormalize(), LaunchURLSet()
property Metadata as OAuth2.Client.Metadata;
The meta data which describes this client.
Property methods: MetadataGet(), MetadataGetObject(), MetadataGetObjectId(), MetadataGetStored(), MetadataGetSwizzled(), MetadataIsValid(), MetadataNewObject(), MetadataSet(), MetadataSetObject(), MetadataSetObjectId(), MetadataUnSwizzle()
property Name as %String (MAXLEN = 128) [ Required ];
The name of this client. When using dynamic registration the initial value will be the value of the "client_name" metadata field.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property RedirectURL as list of %String);
RedirectURL is the expected redirect URL for this client.
Property methods: RedirectURLBuildValueArray(), RedirectURLCollectionToDisplay(), RedirectURLCollectionToOdbc(), RedirectURLDisplayToCollection(), RedirectURLDisplayToLogical(), RedirectURLGet(), RedirectURLGetObject(), RedirectURLGetObjectId(), RedirectURLGetStored(), RedirectURLGetSwizzled(), RedirectURLIsValid(), RedirectURLLogicalToDisplay(), RedirectURLLogicalToOdbc(), RedirectURLNormalize(), RedirectURLOdbcToCollection(), RedirectURLSet(), RedirectURLSetObject(), RedirectURLSetObjectId()
property SupportedGrantTypes as %String (MAXLEN = 5, MINLEN = 1);
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
SupportedGrantTypes is the grant types that are supported to create an access token. This property is a string of 1 to 5 characters with one character for each supported grant type as follows:
- "A" - Authorization Code - "I" - Implicit - "P" - Resource Owner Password Credentials - "C" - Client Credentials - "J" - JWT Authorization
Property methods: SupportedGrantTypesDisplayToLogical(), SupportedGrantTypesGet(), SupportedGrantTypesGetStored(), SupportedGrantTypesIsValid(), SupportedGrantTypesLogicalToDisplay(), SupportedGrantTypesLogicalToOdbc(), SupportedGrantTypesNormalize()
property client_name as %String (MAXLEN = 128);
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
client_name is the name of the Client to be presented to the EndUser.
Property methods: client_nameDisplayToLogical(), client_nameGet(), client_nameGetStored(), client_nameIsValid(), client_nameLogicalToDisplay(), client_nameLogicalToOdbc(), client_nameNormalize()
property client_uri as %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
client_uri is the URL of the home page of the Client. The value of this field must point to a valid Web page. If present, the authorization server will display this URL to the EndUser in a followable fashion.
Property methods: client_uriDisplayToLogical(), client_uriGet(), client_uriGetStored(), client_uriIsValid(), client_uriLogicalToDisplay(), client_uriLogicalToOdbc(), client_uriNormalize()
property logo_uri as %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
logo_uri is a URL that references a logo for the Client application. If present, the authorization server will display this image to the EndUser during approval. The value of this field must point to a valid image file.
Property methods: logo_uriDisplayToLogical(), logo_uriGet(), logo_uriGetStored(), logo_uriIsValid(), logo_uriLogicalToDisplay(), logo_uriLogicalToOdbc(), logo_uriNormalize()
property policy_uri as %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
policy_uri is the that the Relying Party Client provides to the EndUser to read about the how the profile data will be used. The value of this field must point to a valid web page.
Property methods: policy_uriDisplayToLogical(), policy_uriGet(), policy_uriGetStored(), policy_uriIsValid(), policy_uriLogicalToDisplay(), policy_uriLogicalToOdbc(), policy_uriNormalize()
property tos_uri as %OAuth2.uri;
**** Moved to OAuth2.Client.Metadata when dynamic client support introduced
tos_uri is the URL that the Relying Party Client provides to the EndUser to read about the Relying Party's terms of service. The value of this field must point to a valid web page.
Property methods: tos_uriDisplayToLogical(), tos_uriGet(), tos_uriGetStored(), tos_uriIsValid(), tos_uriLogicalToDisplay(), tos_uriLogicalToOdbc(), tos_uriNormalize()


classmethod DeleteId(id As %String) as %Status
Delete this client configuration.
classmethod Open(clientId As %String, Output sc As %Status) as OAuth2.Server.Client
Open the OAuth2.Server.Client instance.
method RefreshJWKS(sslConfig As %String, force As %Boolean = 0, save As %Boolean = 1, Output sc As %Status) as %Boolean
If the client's JWKS was specified using the jwks_uri metadata parameter, this method will fetch the jwks if it has expired.

  • sslConfig - the name of an SSL configuration to use when communicating with the remote server
  • force - refresh the jwks even if the cached version is still valid (default is 0)
  • save - save the client definition (default is 1)
  • sc (output) - Status code structure containing any errors
  • 1 - if the jwks was updated
  • 0 - if the cached version was still valid
method Save() as %Status
Save this OAuth2.Server.Client instance.
method SetPublicJWKS(publicJWKS As %String, jwksUri As %String) as %Status
Manually set the client supplied public JWKS and optionally jwks_uri.
deprecated method UpdateJWKS(server As OAuth2.Server.Configuration, Output sc As %Status) as %Status
Get and save a new public JWKS for this client if the JWKS was specified using jwks_uri metadata. Returns a status code.
This method is deprecated. New code should use RefreshJWKS() instead.


query List()
SQL Query:
SELECT Name, ClientId, ClientType, RedirectURL, Description FROM Client ORDER BY Name
List client registrations for SMP page


index (ClientIndex on ClientId) [IdKey, Type = key, Unique];
The IDKEY for the client configuration class.
Index methods: ClientIndexCheck(), ClientIndexDelete(), ClientIndexExists(), ClientIndexOpen(), ClientIndexSQLCheckUnique(), ClientIndexSQLExists(), ClientIndexSQLFindPKeyByConstraint(), ClientIndexSQLFindRowIDByConstraint()

Inherited Members

Inherited Methods


Storage Model: Storage (OAuth2.Server.Client)

FeedbackOpens in a new tab