|
%SYS
|
|
|
%SYS
|
|
The authorization server configuration is maintained by the OAuth2.Server.Configuration class. More...
Public Member Functions | |
| _.Library.Status | RotateKeys () |
| Rotate the auhtorization server's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS. More... | |
| _.Library.Status | Save () |
| Save the single OAuth2.Server.Configuration instance. More... | |
Static Public Member Functions | |
| _.Library.Status | Delete () |
| Delete this configuration. | |
| GetSupportedAlgorithms (_.Library.List sigalgs, _.Library.List encalgs, _.Library.List keyalgs) | |
| Get server supported algorithms. More... | |
| OAuth2.Server.Configuration | Open (_.Library.Status sc) |
| Open the single OAuth2.Server.Configuration instance. | |
Public Attributes | |
| AccessTokenInterval | |
| AccessTokenInterval is the interval in seconds after which an access token issued by this. More... | |
| AllowPublicClientRefresh | |
| If AllowPublicClientRefresh is true, then a clientSecret will NOT be required to process refresh tokens. More... | |
| AllowUnsupportedScope | |
| If AllowUnsupportedScope is true (1), then unsupported scope values will be ignored. More... | |
| AudRequired | |
| If AudRequired is true, then an authorization code and implicit requests require the aud property. More... | |
| AuthenticateClass | |
| AuthenticateClass is the name of a subclass of OAuth2.Server.Authenticate which will be used. More... | |
| AuthorizationCodeInterval | |
| AuthorizationCodeInterval is the interval in seconds after which an authorization code issued. More... | |
| ClientSecretInterval | |
| ClientSecretInterval is the interval in seconds after which a client secret will expire. More... | |
| CustomizationNamespace | |
| CustomizationNamespace is the namespace where the customization code is to be run. More... | |
| CustomizationRoles | |
| CustomizationRoles is a comma separated list of roles that are set for any call. More... | |
| DefaultScope | |
| DefaultScope is a blank separated list containing the default for access token scope. More... | |
| Description | |
| Description is a human readable of this authorization server. More... | |
| EncryptionAlgorithm | |
| EncryptionAlgorithm specifies the default encryption algorithm used to create JWEs or "" if JWTs are not to be encrypted. More... | |
| ForcePKCEForConfidentialClients | |
| If ForcePKCEForConfidentialClients is true, then authorization and token requests from confidential clients. More... | |
| ForcePKCEForPublicClients | |
| If ForcePKCEForPublicClients is true, then authorization and token requests from public clients. More... | |
| GenerateTokenClass | |
| GenerateTokenClass is the name of a class with the same signatures as OAuth2.Server.Generate which overrides. More... | |
| IssuerEndpoint | |
| IssuerEndpoint is the endpoint for this authorization server. More... | |
| JWKSFromCredentials | |
| JWKSFromCredentials is true if the JWKSs were created from ServerCredentials. More... | |
| KeyAlgorithm | |
| KeyAlgorithm specifies the default key management algorithm used to create JWEs or "" if JWTs are not to be encrypted. More... | |
| Metadata | |
| The meta data which describes this authorization server,. More... | |
| RefreshTokenInterval | |
| RefreshTokenInterval is the interval in seconds after which a refresh token issued. More... | |
| ReturnRefreshToken | |
| ReturnRefreshToken defines the conditions under which a refresh token is returned along with the access token. More... | |
| RevokeTokenClass | |
| RevokeTokenClass is the name of a class with the same signatures as OAuth2.Server.Revoke which overrides. More... | |
| SSLConfiguration | |
| The name of the activated TLS/SSL configuration to use loading a request object. More... | |
| ServerCredentials | |
| ServerCredentials is the alias of the SYS.X509Credentials object which contains the authoriization server's. More... | |
| ServerPassword | |
| ServerPassword is the password for the private key in ServerCredentials if the password is not in the SYS.X5009Credentials object. More... | |
| SessionClass | |
| SessionClass is the name of a class with the same signatures as OAuth2.Server.Session. More... | |
| SessionInterval | |
| SessionInterval is the interval in seconds after which a user session will be. More... | |
| SigningAlgorithm | |
| SigningAlgorithm specifies the default signing algorithm used to create JWSs or "" if JWTs are not to be signed. More... | |
| SupportSession | |
| If SupportSession is true, then OAuth 2.0 user sessions will be supported using. More... | |
| SupportedGrantTypes | |
| **** Moved to OAuth2.Server.Metadata when dynamic client support introduced More... | |
| SupportedScopes | |
| SupportedScopes is a ArrayOfDatatypes which specifies all scopes supported by this Authorization Server. More... | |
| ValidateUserClass | |
| ValidateUserClass is the name of a class with the same signatures as OAuth2.Server.Validate which may override the. More... | |
The authorization server configuration is maintained by the OAuth2.Server.Configuration class.
InterSystems supplies an SMP page, CSP.UI.Portal.OAuth2.Server.Configuration, which configures the OAuth2 server as part of the SMP. It is possible to customize the authorization server by replacing this page by a user written page which maintains the OAuth2.Server.Configuration class instance.
|
static |
Get server supported algorithms.
This method is deprecated. Use the GetSupportedAlgorithms method in <class>OAuth2.Utils</class> instead.
| _.Library.Status RotateKeys | ( | ) |
Rotate the auhtorization server's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS.
At this time, all private keys are kept. In the future only a limited set of private keys will be kept.
| _.Library.Status Save | ( | ) |
Save the single OAuth2.Server.Configuration instance.
If this is the first time the configuration is saved, the Save method will also create a CSP application for this authorization server. The CSP application will be /csp/oauth2server.
| AccessTokenInterval |
AccessTokenInterval is the interval in seconds after which an access token issued by this.
server will expire. The default is 3600 seconds.
| AllowPublicClientRefresh |
If AllowPublicClientRefresh is true, then a clientSecret will NOT be required to process refresh tokens.
| AllowUnsupportedScope |
If AllowUnsupportedScope is true (1), then unsupported scope values will be ignored.
Otherwise, an error will be returned.
| AudRequired |
If AudRequired is true, then an authorization code and implicit requests require the aud property.
| AuthenticateClass |
AuthenticateClass is the name of a subclass of OAuth2.Server.Authenticate which will be used.
to allow override of the DirectLogin, DisplayLogin and DisplayPermissions methods during user authorization.
| AuthorizationCodeInterval |
AuthorizationCodeInterval is the interval in seconds after which an authorization code issued.
by this server will expire. The default is 60 seconds.
| ClientSecretInterval |
ClientSecretInterval is the interval in seconds after which a client secret will expire.
The default value of 0 means the session will not be automatically terminated.
| CustomizationNamespace |
CustomizationNamespace is the namespace where the customization code is to be run.
| CustomizationRoles |
CustomizationRoles is a comma separated list of roles that are set for any call.
to user supplied customization code.
| DefaultScope |
DefaultScope is a blank separated list containing the default for access token scope.
if scope is not specified in the access token request or in the client configuration.
| Description |
Description is a human readable of this authorization server.
| EncryptionAlgorithm |
EncryptionAlgorithm specifies the default encryption algorithm used to create JWEs or "" if JWTs are not to be encrypted.
EncryptionAlgorithm is used for any client specific algorithm which is not specified. See <Class>Net.JSON.JWA</Class> for the list of supported algorithms. If EncryptionAlgorithm is specified, KeyAlgorithm must also be specified.
| ForcePKCEForConfidentialClients |
If ForcePKCEForConfidentialClients is true, then authorization and token requests from confidential clients.
MUST adhere to the Proof Key for Code Exchange (PKCE) specification.
| ForcePKCEForPublicClients |
If ForcePKCEForPublicClients is true, then authorization and token requests from public clients.
MUST adhere to the Proof Key for Code Exchange (PKCE) specification.
| GenerateTokenClass |
GenerateTokenClass is the name of a class with the same signatures as OAuth2.Server.Generate which overrides.
the GenerateToken method. The GenerateToken method must generate an opaque token consisting of a random number. We will also supply a class matching the OAuth2.Server.Generate interface - OAuth2.Server.JWT, which will generate a signed JWT based on the token properties.
| IssuerEndpoint |
IssuerEndpoint is the endpoint for this authorization server.
| JWKSFromCredentials |
JWKSFromCredentials is true if the JWKSs were created from ServerCredentials.
This property should never be set directly for configuration.
| KeyAlgorithm |
KeyAlgorithm specifies the default key management algorithm used to create JWEs or "" if JWTs are not to be encrypted.
Keylgorithm is used for any client specific algorithm which is not specified. See <Class>Net.JSON.JWA</Class> for the list of supported algorithms. If KeyAlgorithm is specified, EncryptionAlgorithm must also be specified.
The meta data which describes this authorization server,.
| RefreshTokenInterval |
RefreshTokenInterval is the interval in seconds after which a refresh token issued.
by this server will expire. The default is 24 hours = 86400 seconds.
| ReturnRefreshToken |
ReturnRefreshToken defines the conditions under which a refresh token is returned along with the access token.
This property is a string of multiple condition characters which are OR'ed. "" means only return a RefreshToken as required by OpenID Connect.
| RevokeTokenClass |
RevokeTokenClass is the name of a class with the same signatures as OAuth2.Server.Revoke which overrides.
the OnRevokeToken method. Any custom handling on token revocation can be done in this method.
| SSLConfiguration |
The name of the activated TLS/SSL configuration to use loading a request object.
Chosen by user during configuration.
| ServerCredentials |
ServerCredentials is the alias of the SYS.X509Credentials object which contains the authoriization server's.
certificate and private key.
| ServerPassword |
ServerPassword is the password for the private key in ServerCredentials if the password is not in the SYS.X5009Credentials object.
| SessionClass |
SessionClass is the name of a class with the same signatures as OAuth2.Server.Session.
which includes GetUser, Login and Logout methods. These methods maintain an OAuth 2.0 session using any appropriate means. The default OAuth2.Session class uses an httpOnly cookie.
| SessionInterval |
SessionInterval is the interval in seconds after which a user session will be.
automatically terminated. The value 0 means the session will not be automatically terminated. The default is 24 hours = 86400 seconds.
| SigningAlgorithm |
SigningAlgorithm specifies the default signing algorithm used to create JWSs or "" if JWTs are not to be signed.
SigningAlgorithm is used for any client specific algorithm which is not specified. See <Class>Net.JSON.JWA</Class> for the list of supported algorithms.
| SupportSession |
If SupportSession is true, then OAuth 2.0 user sessions will be supported using.
the specified SessionClass.
| SupportedGrantTypes |
**** Moved to OAuth2.Server.Metadata when dynamic client support introduced
SupportedGrantTypes is the grant types that are supported to create an access token. This property is a string of 1 to 5 characters with one character for each supported grant type as follows:
| SupportedScopes |
SupportedScopes is a ArrayOfDatatypes which specifies all scopes supported by this Authorization Server.
The index for each array element is the scope and the value is the description of the scope for display.
| ValidateUserClass |
ValidateUserClass is the name of a class with the same signatures as OAuth2.Server.Validate which may override the.
ValidateUser method which validates a user and associates a set of properties with this user.
1.9.1