The OAuth2.Client class describes an OAuth2 client and references the Authorization server that it uses to authorize the application based on RFC 6749.
Public Member Functions
_.Library.Boolean RefreshJWKS (_.Library.Boolean force, _.Library.Boolean save, _.Library.Status sc)
If the server's public JWKS was specified using the jwks_uri metadata parameter, this method will fetch the JWKS if it has expired.
_.Library.Status RotateKeys ()
Rotate the client's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS.
def __init__ (self)
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
Static Public Member Functions
_.Library.Status DeleteId (_.Library.String id)
Delete this client configuration.
OAuth2.Client Open (_.Library.String applicationName, _.Library.Status sc)
Open an OAuth2.Client instance based on the applicationName ID property.
Public Attributes
AcceptNonStandardImplicitIdToken
If AcceptNonStandardImplicitIdToken is true, then this client will accept requested id tokens even when the server response they are sent in does not contain the openid scope.
ApplicationName
The ApplicationName identifies this application (client + authorization server) configuration.
AuthenticationType
ClientCredentials
ClientCredentials is the alias of the SYS.X509Credentials object which contains the client's certificate and private key.
ClientId
The client id that is supplied during client registration.
ClientPassword
ClientPassword is the password for the private key in ClientCredentials if the password is not in the SYS.X509Credentials object.
ClientSecret
The client secret that is supplied during client registration.
ClientType
The type of client configuration.
DefaultScope
The default scope, as a blank-separated list, for access token requests.
Description
Description of the application.
Enabled
True if client application is enabled.
EncryptionAlgorithm
JWTAudience
Defines the value to use for the "aud" claim in tokens generated for private_key_jwt and client_secret_jwt authentication methods, as well as for the JWT Authorization grant type.
JWTInterval
JWTInterval is the interval in seconds after which a JWT expires.
KeyAlgorithm
Metadata
The metadata which describes this client.
RedirectionEndpoint
The endpoint object for the URL to be used by the authorization server to return the response to an authorization request.
SSLConfiguration
The name of the activated TLS/SSL configuration to use for authorization server requests.
ServerDefinition
ServerDefinition is the reference to the OAuth2.ServerDefinition object which describes the authorization server to be used for this client.
SigningAlgorithm
The OAuth2.Client class describes an OAuth2 client and references the Authorization server that it uses to authorize the application based on RFC 6749.
A client system may be used with multiple authorization servers for different applications.
def __init__ (self)
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
The type of authentication (as specified in RFC 6749 or OpenID Connect Core section 9) to be used for HTTP requests to the authorization server.
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
_.Library.Boolean RefreshJWKS (_.Library.Boolean force, _.Library.Boolean save, _.Library.Status sc)
If the server's public JWKS was specified using the jwks_uri metadata parameter, this method will fetch the JWKS if it has expired.
Parameters:
Returns:
_.Library.Status RotateKeys ()
Rotate the client's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS.
At this time, all private keys are kept. In the future only a limited set of private keys will be kept.
AcceptNonStandardImplicitIdToken
If AcceptNonStandardImplicitIdToken is true, then this client will accept requested id tokens even when the server response they are sent in does not contain the openid scope.
ApplicationName
The ApplicationName identifies this application (client + authorization server) configuration.
Chosen by user during configuration.
AuthenticationType
ClientCredentials
ClientCredentials is the alias of the SYS.X509Credentials object which contains the client's certificate and private key.
ClientId
The client id that is supplied during client registration.
Required for all ClientTypes.
ClientPassword
ClientPassword is the password for the private key in ClientCredentials if the password is not in the SYS.X509Credentials object.
ClientSecret
The client secret that is supplied during client registration.
Required if ClientType is confidential or resource server.
ClientType
The type of client configuration:
public - a public client. See RFC 6749
confidential - a confidential client. See RFC 6749
resource - a resource server which is not also a client.
Chosen by user during configuration. Will usually be a confidential client for an InterSystems IRIS application.
DefaultScope
The default scope, as a blank-separated list, for access token requests.
Chosen by user during configuration.
Description
Description of the application.
Chosen by user during configuration.
Enabled
True if client application is enabled.
Chosen by user during configuration.
EncryptionAlgorithm
JWTAudience
Defines the value to use for the "aud" claim in tokens generated for private_key_jwt and client_secret_jwt authentication methods, as well as for the JWT Authorization grant type. For new configurations this will be the authorization server's token endpoint by default. For backwards compatibility, if this is undefined the client will use the issuer endpoint.
JWTInterval
JWTInterval is the interval in seconds after which a JWT used for the client_secret_jwt or private_key_jwt authentication types expires. The default is 1 minute. There should be no need to change the default since this JWT may only be used once.
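The JWTAudience and JWTInterval settings above shape the client assertion sent for client_secret_jwt authentication. The following is an added example, not InterSystems code: it builds such an assertion in Python and runs the server-side checks (audience, expiry, single use) those settings must satisfy. All function names and the jti replay set are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_assertion(client_id, secret, issuer, jwt_audience=None, jwt_interval=60, now=None):
    """Client side: build a client_secret_jwt assertion (HS256)."""
    now = int(time.time()) if now is None else now
    claims = {
        "iss": client_id, "sub": client_id,
        # Assumed mapping of JWTAudience: undefined falls back to the issuer endpoint.
        "aud": jwt_audience or issuer,
        "iat": now, "exp": now + jwt_interval,  # JWTInterval, in seconds
        "jti": secrets.token_urlsafe(16),       # unique id so the server can enforce single use
    }
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(secret, signing_input))

def verify_assertion(token, secret, expected_aud, seen_jti, now=None):
    """Server side: return "ok" or the reason the assertion is rejected."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(secret, head + "." + body), _unb64(sig)):
            return "bad signature"
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
    except ValueError:
        return "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed"
    if header.get("alg") != "HS256":
        return "unexpected alg"
    if claims.get("aud") != expected_aud:
        return "wrong audience"
    exp, jti = claims.get("exp"), claims.get("jti")
    if not isinstance(exp, int) or now >= exp:
        return "expired"
    if not isinstance(jti, str) or jti in seen_jti:
        return "jti missing or reused"
    seen_jti.add(jti)
    return "ok"
```

A server that still expects the token endpoint as audience rejects an assertion from a legacy configuration that falls back to the issuer, which is the usual symptom of a JWTAudience mismatch.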
KeyAlgorithm
Metadata
The metadata which describes this client.
RedirectionEndpoint
The endpoint object for the URL to be used by the authorization server to return the response to an authorization request.
Required if ClientType is public or confidential. Chosen by user during configuration.
SSLConfiguration
The name of the activated TLS/SSL configuration to use for authorization server requests.
Chosen by user during configuration.
ServerDefinition
ServerDefinition is the reference to the OAuth2.ServerDefinition object which describes the authorization server to be used for this client.
SigningAlgorithm