Skip to main content

%OAuth2.JWT

class %OAuth2.JWT extends %Library.RegisteredObject

Method Inventory

Methods

classmethod GetJWK(JWKS As %DynamicObject, Alg As %String, Kid As %String) as %DynamicObject
classmethod JWTToObject(JWT As %String, LocalPrivate As %String, RemotePublic As %String, Output JOSE As %String, Output Body As %DynamicObject) as %Status
This method processes a JSON Web Token (JWT), performing decryption and/or signature verification operations as required.

Input parameters:

JWT - JSON Web Token

LocalPrivate - Local Private JWKS
RemotePublic - Remote Public JWKS
Output parameters:

JOSE - Output Array of Strings containing the algorithms used for Signature and/or Encryption operations performed on the JWT.
JOSE("sigalg") - Signature or MAC algorithm
JOSE("keyalg") - Key management algorithm
JOSE("encalg") - Content encryption algorithm

Body - Output Object representation of the claims contained in the JWT
classmethod ObjectToJWT(ByRef JOSE As %String, Body As %DynamicObject, LocalPrivate As %String, RemotePublic As %String, Output JWT As %String) as %Status
This method generates a JSON Web Token (JWT), performing signature and/or encryption operations as requested.

Input parameters:

JOSE - Array of Strings used to specify the JSON Object Signature and/or Encryption operations to be performed on the JWT

For JSON Web Signature (JWS):

JOSE("sigalg") - Signature or MAC algorithm, supported options:
"HS256", HMAC with SHA-256
"HS384", HMAC with SHA-384
"HS512", HMAC with SHA-512
"RS256", RSASSA-PKCS1-V1_5 using SHA-256
"RS384", RSASSA-PKCS1-V1_5 using SHA-384
"RS512", RSASSA-PKCS1-V1_5 using SHA-512

For JSON Web Encryption (JWE):

JOSE("keyalg") - Key management algorithm, supported options:
"RSA1_5", Encryption with RSAES-PKCS1-V1_5
"RSA-OAEP", Encryption with RSAES-OAEP

JOSE("encalg") - Content encryption algorithm, supported options:
"A128CBC-HS256", 128-bit AES in CBC mode with HMAC SHA-256
"A192CBC-HS384", 192-bit AES in CBC mode with HMAC SHA-384
"A256CBC-HS512", 256-bit AES in CBC mode with HMAC SHA-512

Note, JOSE("keyalg") and JOSE("encalg") must both be specified or null.

If JWS and JWE are both specified the JWT will be signed, then encrypted.

Body - Object representation of the Claims contained in the JWT

LocalPrivate - Local Private JWKS

RemotePublic - Remote Public JWKS
Output parameter:

JWT - JSON Web Token

Inherited Members

Inherited Methods

FeedbackOpens in a new tab