|
%SYS
|
|
|
%SYS
|
|
Access tokens are managed by the persistent class OAuth2.Server.AccessToken. More...
Public Member Functions | |
| _.Library.Status | Delete () |
| Delete this access token. | |
| _.Library.Status | Save () |
| Save this OAuth2.Server.AccessToken instance. | |
Static Public Member Functions | |
| OAuth2.Server.AccessToken | OpenByCode (_.Library.String authorizationCode, _.Library.Status sc) |
| Open the OAuth2.Server.AccessToken instance using AuthorizationCode. | |
| OAuth2.Server.AccessToken | OpenByIDToken (_.Library.String IDToken, _.Library.Status sc) |
| Open the OAuth2.Server.AccessToken instance using IDToken. | |
| OAuth2.Server.AccessToken | OpenByRefresh (_.Library.String refreshToken, _.Library.Status sc) |
| Open the OAuth2.Server.AccessToken instance using RefreshToken. | |
| OAuth2.Server.AccessToken | OpenByToken (_.Library.String accessToken, _.Library.Status sc) |
| Open the OAuth2.Server.AccessToken instance using AccessToken. | |
| _.Library.Status | RevokeByClientId (_.Library.String clientId, _.Library.Integer count) |
| RevokeByClientId will delete all access tokens that are associated with the specified client ID. More... | |
| _.Library.Status | RevokeByGroupId (_.Library.String groupId, _.Library.Integer count) |
| RevokeByGroupId will delete all access tokens that are associated with the specified group ID. More... | |
| _.Library.Status | RevokeUser (_.Library.String username, _.Library.Integer count) |
| RevokeUser will delete all access tokens that are associated with the specified user. More... | |
Public Attributes | |
| AccessToken | |
| AccessToken is the access token as a string. More... | |
| AccessTokenExpires | |
| AccessTokenExpires is the time in seconds from beginning of the Unix epoch when the access expires. More... | |
| Aud | |
| aud property from request which will be checked when validating token. More... | |
| AuthTime | |
| The time when the user was authenticated. More... | |
| AuthorizationCode | |
| AuthorizationCode is a random number which serves as the IDKey for this class and. More... | |
| AuthorizationCodeExpires | |
| AuthorizationCodeExpires is the time in seconds from the bginning of the Unix epoch when the. More... | |
| ClientId | |
| ClientId is the client id for the client for which this token was issued. More... | |
| CodeChallenge | |
| Code challenge used by public clients for PCKE. More... | |
| CodeChallengeMethod | |
| Code challenge method used by public clients for PCKE. More... | |
| GrantType | |
| GrantType is the grant type that was used to create this access token: More... | |
| GroupId | |
| The ID of the group that this access token object belongs to. More... | |
| Hash | |
| SHA512 hash of the AccessToken to be used for indexing. More... | |
| IDHash | |
| SHA512 hash of the IDToken to be used for indexing. More... | |
| IDToken | |
| IDToken is the IDToken which is returned forf OpenID Connect requests. More... | |
| IssuedAt | |
| The time at which the active access token was issued. More... | |
| Issuer | |
| The issuer of this access token. More... | |
| Properties | |
| Properties is a OAuth2.Server.Properties object that holds the various kinds of properties. More... | |
| RedirectURL | |
| The redirect used for the current token authorization. More... | |
| RefreshToken | |
| RefreshToken is the refresh token as a random string that is used to refresh the access token. More... | |
| RefreshTokenExpires | |
| RefreshTokenExpires is the time in seconds from beginning of the Unix epoch when. More... | |
| ResponseMode | |
| The response_mode of the access token request: query or fragment. More... | |
| ResponseType | |
| The response_type of the access token request. More... | |
| Scope | |
| Scope is a blank separated list of scopes that were used to issue this token. More... | |
| ScopeArray | |
| An array of scopes and associated descriptions. More... | |
| Stage | |
| Stage reflects the stage of the authentication process and is used for error checking. More... | |
| State | |
| State to be returned to requester in redirected response. More... | |
| Username | |
| Username is the username specified and validated by during authentication. More... | |
Access tokens are managed by the persistent class OAuth2.Server.AccessToken.
OAuth2.Server.AccessToken stores the access token and related properties. This class is also the means of communication between the various parts of the authorization server.
This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.
|
static |
RevokeByClientId will delete all access tokens that are associated with the specified client ID.
The count argument will be returned as the number of access tokens that were deleted.
|
static |
RevokeByGroupId will delete all access tokens that are associated with the specified group ID.
The count argument will be returned as the number of access tokens that were deleted.
|
static |
RevokeUser will delete all access tokens that are associated with the specified user.
The count argument will be returned as the number of access tokens that were deleted.
AccessToken is the access token as a string.
The default access token is a random string.
However, the access token is easily customized to have any structure required by the using application - for example a signed JWT.
| AccessTokenExpires |
AccessTokenExpires is the time in seconds from beginning of the Unix epoch when the access expires.
| Aud |
aud property from request which will be checked when validating token.
| AuthTime |
The time when the user was authenticated.
| AuthorizationCode |
AuthorizationCode is a random number which serves as the IDKey for this class and.
as the Authorization Code when required by the Authorization Code grant type. We use AuthorizationCode as the IDKey because it comes into existence first in the process of creating an access token
| AuthorizationCodeExpires |
AuthorizationCodeExpires is the time in seconds from the bginning of the Unix epoch when the.
Authorization code passed to the client expires for the Authorization Code grant type.
| ClientId |
ClientId is the client id for the client for which this token was issued.
| CodeChallenge |
Code challenge used by public clients for PCKE.
| CodeChallengeMethod |
Code challenge method used by public clients for PCKE.
| GrantType |
GrantType is the grant type that was used to create this access token:
| GroupId |
The ID of the group that this access token object belongs to.
| Hash |
SHA512 hash of the AccessToken to be used for indexing.
| IDHash |
SHA512 hash of the IDToken to be used for indexing.
| IDToken |
IDToken is the IDToken which is returned forf OpenID Connect requests.
| IssuedAt |
The time at which the active access token was issued.
This may be different from <property>AuthTime</property>
if the token was issued from a refresh token, or if it was automatically issued due to a pre-existing session.
| Issuer |
The issuer of this access token.
| Properties |
Properties is a OAuth2.Server.Properties object that holds the various kinds of properties.
and claims that are used by the auhtorization server. The various classes which are involved in the authorization and authentication code flow use the properties argument (which is this token property) to communicate amongst themselves and with the authorization server.
See the definition of the OAuth2.Server.Properties class for details about the propertyies and claims.
| RedirectURL |
The redirect used for the current token authorization.
| RefreshToken |
RefreshToken is the refresh token as a random string that is used to refresh the access token.
| RefreshTokenExpires |
RefreshTokenExpires is the time in seconds from beginning of the Unix epoch when.
the refresh expires, or "" means does not expire.
| ResponseMode |
The response_mode of the access token request: query or fragment.
| ResponseType |
The response_type of the access token request.
| Scope |
Scope is a blank separated list of scopes that were used to issue this token.
| ScopeArray |
An array of scopes and associated descriptions.
This matches the scopes in the Scope property.
| Stage |
Stage reflects the stage of the authentication process and is used for error checking.
Possible values of Stage: "new", "delegated:<n>", "login:<n>", "2fa:<n>", "permission", "".
"" means process completed or not started.
<n> is the integer count of which login attempt is taking place.
| State |
State to be returned to requester in redirected response.
| Username |
Username is the username specified and validated by during authentication.
$char(0) means that authentication failed.
1.9.1