

class OAuth2.Server.Token extends %Library.RegisteredObject

The class OAuth2.Server.Token implements the token endpoint, as specified in RFC 6749, for the Authorization Code, Password Credentials and Client Credentials grant types, and for refreshing the access token.
This class also serves as the endpoint for token management requests from the resource server and client.
All requests to this endpoint are of Content-Type "application/x-www-form-urlencoded". The requests from a confidential client must be authenticated using basic authentication with the client id and client secret as specified in RFC 6749.
This class is used internally by Caché. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.
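The request checks described above can be sketched as follows. This is an added Python example, not Caché's implementation or code from this class. It covers only the basic-authentication case, and the client registry, function names and the choice of 401 for a missing Authorization header are assumptions made for illustration.

```python
import base64
import hmac
from urllib.parse import parse_qs, unquote_plus

# Status strings as listed in the class parameters on this page.
HTTP200OK = "200 OK"
HTTP400BADREQUEST = "400 Bad Request"
HTTP401UNAUTHORIZED = "401 Unauthorized"

# Constructed client registry for the example (hypothetical values).
CLIENTS = {"demo-client": "s3cr3t/with:colon"}
GRANT_TYPES = {"authorization_code", "password", "client_credentials", "refresh_token"}


def parse_basic(header):
    """Return (client_id, secret) from an RFC 6749 section 2.3.1 Basic header, or None."""
    scheme, _, value = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    cid, sep, secret = decoded.partition(":")
    if not sep:
        return None
    # Both parts are form-urlencoded before base64, so decode them here.
    return unquote_plus(cid), unquote_plus(secret)


def check_token_request(headers, body):
    """Return (status, error) for a token request from a confidential client."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return HTTP400BADREQUEST, "invalid_request"
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return HTTP401UNAUTHORIZED, "invalid_client"
    expected = CLIENTS.get(creds[0])
    # Constant-time comparison; an empty string stands in for unknown clients.
    ok = hmac.compare_digest((expected or "").encode(), creds[1].encode())
    if expected is None or not ok:
        return HTTP401UNAUTHORIZED, "invalid_client"
    grant = parse_qs(body).get("grant_type", [])
    if len(grant) != 1:  # missing or repeated parameter
        return HTTP400BADREQUEST, "invalid_request"
    if grant[0] not in GRANT_TYPES:
        return HTTP400BADREQUEST, "unsupported_grant_type"
    return HTTP200OK, None
```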

Method Inventory


parameter HTTP200OK = 200 OK;
parameter HTTP400BADREQUEST = 400 Bad Request;
parameter HTTP401UNAUTHORIZED = 401 Unauthorized;
parameter HTTP500INTERNALSERVERERROR = 500 Internal Server Error;


classmethod CheckJWTAuthorization(jwt As %String, Output client As OAuth2.Server.Client) as %OAuth2.Error
If private_key_jwt or client_secret_jwt authentication used, then verify
classmethod GetJWTBody(jwt As %String, Output alg As %String) as %DynamicObject
Get algorithm and body from a JWT

Inherited Members

Inherited Methods
