The authorization server supports the OpenID Connect specification.
Static Public Member Functions
_.Library.String CreateIDToken (OAuth2.Server.AccessToken token, _.Library.Status sc)
Add the additional properties that are needed for the IDToken.
_.Library.String Hash (_.Library.String alg, _.Library.String tokenString)
Compute the token hash.
_.Library.Boolean IsOpenID (_.Library.String scope)
Is this an OpenID authorization request? Find out by looking for openid scope.
_.Library.Boolean Validate (_.Library.String applicationName, _.Library.String IDToken, _.Library.String accessToken, _.Library.String scope, _.Library.String aud, _.Library.RegisteredObject jsonObject, _.Library.String securityParameters, _.Library.Status sc)
Validate validates the signed OpenID Connect ID token and creates an object to reflect the JWT properties.
The OAuth2.Server.OpenID class is a helper class which contains the OpenID functionality.
This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.
CreateIDToken() [static]
Add the additional properties that are needed for the IDToken.
Create an IDToken based on token properties. We assume server is the server configuration.
Validate() [static]
Validate validates the signed OpenID Connect ID token and creates an object to reflect the JWT properties.
Validate also validates the access token based on the at_hash property of the IDToken. The applicationName argument is the name of the client or resource server configuration which contains authorization server access data, such as authorization server ServerCredentials. The scope argument is a blank-separated list of scope values. If scope is specified, the access token must have an associated scope which is a superset of the scope parameter.
The aud argument specifies the audience which is using the token. If the token has an associated aud property (usually because the audience was specified when requesting the token), then aud is matched to the token audience. If aud is not specified, then no audience checking takes place.
The claims in the JSON object are returned in jsonObject.
securityParameters - Array of Strings that was used to set the JSON Object Signature and/or Encryption operations to be performed on the JWT.
See Net.JSON.JWA for the list of supported algorithms.
For JSON Web Signature (JWS):
securityParameters("sigalg") - Signature or MAC algorithm.
For JSON Web Encryption (JWE):
securityParameters("keyalg") - Key management algorithm.
Note, securityParameters("keyalg") and securityParameters("encalg") must both be specified or null.
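The checks that Validate is described as performing after signature verification (at_hash, scope superset, optional audience match) can be sketched as follows. This is an added example, not InterSystems code: the at_hash rule is the one defined by OpenID Connect Core, and the names at_hash and check_claims are hypothetical.

```python
import base64
import hashlib
import hmac

# JWS "alg" suffix -> hash used for at_hash (OpenID Connect Core, ID token validation).
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def at_hash(alg: str, access_token: str) -> str:
    """Unpadded base64url of the left-most half of the hash of the access token."""
    try:
        digest = _HASHES[alg[-3:]](access_token.encode("ascii")).digest()
    except KeyError:
        # Covers "none" and any alg whose hash cannot be derived from its suffix.
        raise ValueError(f"unsupported alg for at_hash: {alg!r}")
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def check_claims(alg, claims, access_token, token_scope, scope="", aud=""):
    """Return a list of failures; an empty list means every check passed.

    Assumes the ID token signature was already verified and `claims` is its
    decoded payload; `token_scope` is the scope associated with the access token.
    """
    errors = []
    expected = at_hash(alg, access_token).encode()
    presented = str(claims.get("at_hash", "")).encode()
    if not hmac.compare_digest(presented, expected):
        errors.append("at_hash does not match access token")
    # The token's scope must be a superset of the blank-separated required scope.
    missing = set(scope.split()) - set(token_scope.split())
    if missing:
        errors.append("missing scope: " + " ".join(sorted(missing)))
    # As documented above: no audience check happens when aud is not supplied,
    # so callers that care about audience binding must always pass it.
    token_aud = claims.get("aud")
    if aud and token_aud is not None:
        allowed = token_aud if isinstance(token_aud, list) else [token_aud]
        if aud not in allowed:
            errors.append("audience mismatch")
    return errors
```
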