Skip to main content


persistent class OAuth2.AccessToken extends %Library.Persistent

SQL Table Name: OAuth2.AccessToken

OAuth2.AccessToken stores an OAuth 2.0 access token and its related information.
OAuth2.AccessToken is indexed by the combination of SessionId and ApplicationName. Therefore, only one scope may be requested for each SessionId/ApplicationName. If a second request is made with a different scope and access token has yet been granted, the scope in the new request becomes the expected scope.

Property Inventory

Method Inventory


property AccessToken as %String (COLLATION = "EXACT");
The access token
Property methods: AccessTokenDisplayToLogical(), AccessTokenGet(), AccessTokenGetStored(), AccessTokenIsValid(), AccessTokenLogicalToDisplay(), AccessTokenLogicalToOdbc(), AccessTokenNormalize()
property ApplicationName as %String (COLLATION = "EXACT", MAXLEN = 128, MINLEN = 1) [ Required ];
This access token is linked to this client application.
Property methods: ApplicationNameDisplayToLogical(), ApplicationNameGet(), ApplicationNameGetStored(), ApplicationNameIsValid(), ApplicationNameLogicalToDisplay(), ApplicationNameLogicalToOdbc(), ApplicationNameNormalize(), ApplicationNameSet()
property CodeVerifier as %String);
Code verifier sent with authorization requests when using the authorization_code grant type. This is in accordance with PKCE (RFC7636).
Property methods: CodeVerifierDisplayToLogical(), CodeVerifierGet(), CodeVerifierGetStored(), CodeVerifierIsValid(), CodeVerifierLogicalToDisplay(), CodeVerifierLogicalToOdbc(), CodeVerifierNormalize(), CodeVerifierSet()
property Error as %OAuth2.Error;
Error object for error during authorization
Property methods: ErrorGet(), ErrorGetObject(), ErrorGetObjectId(), ErrorGetStored(), ErrorGetSwizzled(), ErrorIsEmpty(), ErrorIsValid(), ErrorNewObject(), ErrorSet(), ErrorSetObject(), ErrorSetObjectId(), ErrorUnSwizzle()
property Expires as %Integer;
The time when the token expires in seconds since December 31st, 1840 (i.e. since beginning of $h)
Property methods: ExpiresDisplayToLogical(), ExpiresGet(), ExpiresGetStored(), ExpiresIsValid(), ExpiresLogicalToDisplay(), ExpiresNormalize(), ExpiresSet()
property GrantType as %String (VALUELIST = ",A,I,P,C,J");
GrantType is the grant type that was used to create this access token: - "A" - Authorization Code - "I" - Implicit - "P" - Resource Owner Password Credentials - "C" - Client Credentials - "J" - JWT Authorization
Property methods: GrantTypeDisplayToLogical(), GrantTypeGet(), GrantTypeGetStored(), GrantTypeIsValid(), GrantTypeLogicalToDisplay(), GrantTypeLogicalToOdbc(), GrantTypeNormalize(), GrantTypeSet()
property Hash as %String (COLLATION = "EXACT", MAXLEN = 64);
SHA512 hash of the AccessToken to be used for indexing
Property methods: HashDisplayToLogical(), HashGet(), HashGetStored(), HashIsValid(), HashLogicalToDisplay(), HashLogicalToOdbc(), HashNormalize(), HashSet()
property IDHash as %String (COLLATION = "EXACT", MAXLEN = 64);
SHA512 hash of the IDToken to be used for indexing
Property methods: IDHashDisplayToLogical(), IDHashGet(), IDHashGetStored(), IDHashIsValid(), IDHashLogicalToDisplay(), IDHashLogicalToOdbc(), IDHashNormalize(), IDHashSet()
property IDToken as %String (COLLATION = "EXACT");
The IDToken
Property methods: IDTokenDisplayToLogical(), IDTokenGet(), IDTokenGetStored(), IDTokenIsValid(), IDTokenLogicalToDisplay(), IDTokenLogicalToOdbc(), IDTokenNormalize()
property LogoutState as %String (COLLATION = "EXACT", MAXLEN = 1024);
The base64 encoded random state associated with a logout request to the Authorization Server.
Property methods: LogoutStateDisplayToLogical(), LogoutStateGet(), LogoutStateGetStored(), LogoutStateIsValid(), LogoutStateLogicalToDisplay(), LogoutStateLogicalToOdbc(), LogoutStateNormalize(), LogoutStateSet()
property Nonce as %String (MAXLEN = 1024);
Nonce for OpenID Connect request. This nonce must be included in the IDToken.
Property methods: NonceDisplayToLogical(), NonceGet(), NonceGetStored(), NonceIsValid(), NonceLogicalToDisplay(), NonceLogicalToOdbc(), NonceNormalize(), NonceSet()
property RefreshToken as %String);
The refresh token that is returned by the authorization server or "".
Property methods: RefreshTokenDisplayToLogical(), RefreshTokenGet(), RefreshTokenGetStored(), RefreshTokenIsValid(), RefreshTokenLogicalToDisplay(), RefreshTokenLogicalToOdbc(), RefreshTokenNormalize(), RefreshTokenSet()
property ResponseMode as %String;
The response_mode of the access token request: query or fragment
Property methods: ResponseModeDisplayToLogical(), ResponseModeGet(), ResponseModeGetStored(), ResponseModeIsValid(), ResponseModeLogicalToDisplay(), ResponseModeLogicalToOdbc(), ResponseModeNormalize(), ResponseModeSet()
property ResponseProperties as array of %String);
ResponseProperties contains the response properties from the access token request where the key is the property name and the value is the property value.
Property methods: ResponsePropertiesBuildValueArray(), ResponsePropertiesCollectionToDisplay(), ResponsePropertiesCollectionToOdbc(), ResponsePropertiesDisplayToCollection(), ResponsePropertiesDisplayToLogical(), ResponsePropertiesGet(), ResponsePropertiesGetObject(), ResponsePropertiesGetObjectId(), ResponsePropertiesGetStored(), ResponsePropertiesGetSwizzled(), ResponsePropertiesIsValid(), ResponsePropertiesLogicalToDisplay(), ResponsePropertiesLogicalToOdbc(), ResponsePropertiesNormalize(), ResponsePropertiesOdbcToCollection(), ResponsePropertiesSet(), ResponsePropertiesSetObject(), ResponsePropertiesSetObjectId()
property ResponseType as %String;
The response_type of the access token request
Property methods: ResponseTypeDisplayToLogical(), ResponseTypeGet(), ResponseTypeGetStored(), ResponseTypeIsValid(), ResponseTypeLogicalToDisplay(), ResponseTypeLogicalToOdbc(), ResponseTypeNormalize(), ResponseTypeSet()
property Scope as %String);
Blank separated list of scope names which this token supports
Property methods: ScopeDisplayToLogical(), ScopeGet(), ScopeGetStored(), ScopeIsValid(), ScopeLogicalToDisplay(), ScopeLogicalToOdbc(), ScopeNormalize(), ScopeSet()
property SessionId as %String (COLLATION = "EXACT") [ Required ];
This access token is linked to the session whose id is here.
Property methods: SessionIdDisplayToLogical(), SessionIdGet(), SessionIdGetStored(), SessionIdIsValid(), SessionIdLogicalToDisplay(), SessionIdLogicalToOdbc(), SessionIdNormalize(), SessionIdSet()
property State as %String (COLLATION = "EXACT", MAXLEN = 1024);
The base64 encoded random state associated with request to Authorization Server.
Property methods: StateDisplayToLogical(), StateGet(), StateGetStored(), StateIsValid(), StateLogicalToDisplay(), StateLogicalToOdbc(), StateNormalize(), StateSet()
deprecated property TemporarySession as %Boolean [ InitialExpression = 0 ];
If TemporarySession is true, then this access token object was created for a temproary session by %OAuth2.Login. This object should not be deleted by the end session event handler.
Property methods: TemporarySessionDisplayToLogical(), TemporarySessionGet(), TemporarySessionGetStored(), TemporarySessionIsValid(), TemporarySessionLogicalToDisplay(), TemporarySessionNormalize(), TemporarySessionSet()
property TokenType as %String;
The token type that is returned from the authorization server.
Property methods: TokenTypeDisplayToLogical(), TokenTypeGet(), TokenTypeGetStored(), TokenTypeIsValid(), TokenTypeLogicalToDisplay(), TokenTypeLogicalToOdbc(), TokenTypeNormalize(), TokenTypeSet()


method ClearError()
Clear the error.
method IsError() as %Boolean
Return if an error been set.
method IsExpired() as %Boolean
Check if this token is expired
method IsOpenID() as %Boolean
Is this an OpenID authorization request? Find out by looking for openid scope.
classmethod Open(accessToken As %String, Output sc As %Status) as OAuth2.AccessToken
Open an OAuth2.AccessToken instance based on the AccessToken property
classmethod OpenByIDToken(IDToken As %String, Output sc As %Status) as OAuth2.AccessToken
Open an OAuth2.AccessToken instance based on the IDToken property
classmethod OpenForSession(applicationName As %String, sessionId As %String, Output sc As %Status) as OAuth2.AccessToken
Open an OAuth2.AccessToken instance based on the session and client application that it is linked to.
method Remove() as %Status
Remove this token from the client. If this token is currently processing a RP-initiated front-channel logout request (That is, if InLogout is true,) then the token(s) will be removed, but the AccessToken record will not be deleted until the logout is completed or times out.
method SetError(error As %OAuth2.Error)
Set the error.


index (IDKEY on ) [IdKey, Type = key];
Index methods: IDKEYCheck(), IDKEYDelete(), IDKEYExists(), IDKEYOpen(), IDKEYSQLCheckUnique(), IDKEYSQLExists(), IDKEYSQLFindPKeyByConstraint(), IDKEYSQLFindRowIDByConstraint()

Inherited Members

Inherited Methods


Storage Model: Storage (OAuth2.AccessToken)


Storage Model: Storage (OAuth2.AccessToken)

FeedbackOpens in a new tab