Home > Class Reference > %SYS namespace > OAuth2.Client


persistent class OAuth2.Client extends %Library.Persistent

SQL Table Name: OAuth2.Client

The OAuth2.Application class describes an OAuth2 client and references the Authorization server that it uses to authorize the application based on RFC 6749. A client system may be used with multiple authorization servers for different applications.


property ApplicationName as %String (MAXLEN = 64, MINLEN = 1) [ Required ];
The ApplicationName identifies this application (clien + authorization server) configuration.
Chosen by user during configuration.
Property methods: ApplicationNameDisplayToLogical(), ApplicationNameGet(), ApplicationNameGetStored(), ApplicationNameIsValid(), ApplicationNameLogicalToDisplay(), ApplicationNameLogicalToOdbc(), ApplicationNameNormalize(), ApplicationNameSet()
property AuthenticationType as %String (VALUELIST = ",none,basic,body,client_secret_jwt,private_key_jwt") [ InitialExpression = "basic" ];
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
The type of authentication (as specified in RFC 6749 or OpenID Connect Core section 9) to be used for HTTP requests to the authorization server.
Property methods: AuthenticationTypeDisplayToLogical(), AuthenticationTypeGet(), AuthenticationTypeGetStored(), AuthenticationTypeIsValid(), AuthenticationTypeLogicalToDisplay(), AuthenticationTypeLogicalToOdbc(), AuthenticationTypeNormalize(), AuthenticationTypeSet()
property ClientCredentials as %String;
ClientCredentials is the alias of the %SYS.X509Credentials object which contains the client's certificate and private key.
Property methods: ClientCredentialsDisplayToLogical(), ClientCredentialsGet(), ClientCredentialsGetStored(), ClientCredentialsIsValid(), ClientCredentialsLogicalToDisplay(), ClientCredentialsLogicalToOdbc(), ClientCredentialsNormalize(), ClientCredentialsSet()
property ClientId as %String (MAXLEN = 1024);
The client id that is supplied during client registration.
Required for all ClientTypes.
Property methods: ClientIdDisplayToLogical(), ClientIdGet(), ClientIdGetStored(), ClientIdIsValid(), ClientIdLogicalToDisplay(), ClientIdLogicalToOdbc(), ClientIdNormalize(), ClientIdSet()
property ClientPassword as %String (MAXLEN = 128);
ClientPassword is the password for the private key in ClientCredentials if the password is not in the %SYS.X5009Credentials object
Property methods: ClientPasswordDisplayToLogical(), ClientPasswordGet(), ClientPasswordGetStored(), ClientPasswordIsValid(), ClientPasswordLogicalToDisplay(), ClientPasswordLogicalToOdbc(), ClientPasswordNormalize(), ClientPasswordSet()
property ClientSecret as %String (MAXLEN = 1024);
The client secret that is supplied during client registration.
Required if ClientType is confidential or resource server.
Property methods: ClientSecretDisplayToLogical(), ClientSecretGet(), ClientSecretGetStored(), ClientSecretIsValid(), ClientSecretLogicalToDisplay(), ClientSecretLogicalToOdbc(), ClientSecretNormalize(), ClientSecretSet()
property ClientType as %String (VALUELIST = ",public,confidential,resource") [ Required ];
The type of client configuration:
public - a public client. See RFC 6749 confidential - a confidential client. See RFC 6749 resource - a resource server which is not also a client.
Chosen by user during configuration. Will usually be confidential client for Cache application.
Property methods: ClientTypeDisplayToLogical(), ClientTypeGet(), ClientTypeGetStored(), ClientTypeIsValid(), ClientTypeLogicalToDisplay(), ClientTypeLogicalToOdbc(), ClientTypeNormalize(), ClientTypeSet()
property DefaultScope as %String (MAXLEN = 1024);
The default scope, as a blank separated list, for access token requests.
Chosen by user during configuration.
Property methods: DefaultScopeDisplayToLogical(), DefaultScopeGet(), DefaultScopeGetStored(), DefaultScopeIsValid(), DefaultScopeLogicalToDisplay(), DefaultScopeLogicalToOdbc(), DefaultScopeNormalize(), DefaultScopeSet()
property Description as %String (MAXLEN = 256);
Description of the application.
Chosen by user during configuration.
Property methods: DescriptionDisplayToLogical(), DescriptionGet(), DescriptionGetStored(), DescriptionIsValid(), DescriptionLogicalToDisplay(), DescriptionLogicalToOdbc(), DescriptionNormalize(), DescriptionSet()
property Enabled as %Boolean [ InitialExpression = 1 , Required ];
True if client application is enabled.
Chosen by user during configuration.
Property methods: EnabledDisplayToLogical(), EnabledGet(), EnabledGetStored(), EnabledIsValid(), EnabledLogicalToDisplay(), EnabledNormalize(), EnabledSet()
property EncryptionAlgorithm as %String (VALUELIST = ",A128CBC-HS256,A192CBC-HS384,A256CBC-HS512");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
EncryptionAlgorithm specifies the encryption algorithm used to create JWEs or "" if JWTs are not to be encrypted. See %OAuth2.JWT for the list of supported algorithms. If EncryptionAlgorithm is specified, KeyAlgorithm must also be specified.
Property methods: EncryptionAlgorithmDisplayToLogical(), EncryptionAlgorithmGet(), EncryptionAlgorithmGetStored(), EncryptionAlgorithmIsValid(), EncryptionAlgorithmLogicalToDisplay(), EncryptionAlgorithmLogicalToOdbc(), EncryptionAlgorithmNormalize(), EncryptionAlgorithmSet()
property JWTInterval as %Integer [ InitialExpression = 60 ];
JWTInterval is the interval in seconds after which a JWT expires which is used for client_secret_jwt or private_key_jwt authentication types. The default is 1 minute. There should be no need to change the default since this JWT may only be used once.
Property methods: JWTIntervalDisplayToLogical(), JWTIntervalGet(), JWTIntervalGetStored(), JWTIntervalIsValid(), JWTIntervalLogicalToDisplay(), JWTIntervalNormalize(), JWTIntervalSet()
property KeyAlgorithm as %String (VALUELIST = ",RSA1_5,RSA-OAEP");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
KeyAlgorithm specifies the key management algorithm used to create JWEs or "" if JWTs are not to be encrypted. See %OAuth2.JWT for the list of supported algorithms. If KeyAlgorithm is specified, EncryptionAlgorithm must also be specified.
Property methods: KeyAlgorithmDisplayToLogical(), KeyAlgorithmGet(), KeyAlgorithmGetStored(), KeyAlgorithmIsValid(), KeyAlgorithmLogicalToDisplay(), KeyAlgorithmLogicalToOdbc(), KeyAlgorithmNormalize(), KeyAlgorithmSet()
property Metadata as OAuth2.Client.Metadata;
The meta data which describes this client.
Property methods: MetadataGet(), MetadataGetObject(), MetadataGetObjectId(), MetadataGetStored(), MetadataGetSwizzled(), MetadataIsValid(), MetadataNewObject(), MetadataSet(), MetadataSetObject(), MetadataSetObjectId(), MetadataUnSwizzle()
property RedirectionEndpoint as OAuth2.Endpoint;
The endpoint object for the URL to be used by the authorization server to return the response to an authorization request.
Required if ClientType is public or confidential, Chosen by user during configuration.
Property methods: RedirectionEndpointGet(), RedirectionEndpointGetObject(), RedirectionEndpointGetObjectId(), RedirectionEndpointGetStored(), RedirectionEndpointGetSwizzled(), RedirectionEndpointIsEmpty(), RedirectionEndpointIsValid(), RedirectionEndpointNewObject(), RedirectionEndpointSet(), RedirectionEndpointSetObject(), RedirectionEndpointSetObjectId(), RedirectionEndpointUnSwizzle()
property SSLConfiguration as %String (MAXLEN = 64, MINLEN = 1) [ Required ];
The name of the activated TLS/SSL configuration to use for authorization server requests.
Chosen by user during configuration.
Property methods: SSLConfigurationDisplayToLogical(), SSLConfigurationGet(), SSLConfigurationGetStored(), SSLConfigurationIsValid(), SSLConfigurationLogicalToDisplay(), SSLConfigurationLogicalToOdbc(), SSLConfigurationNormalize(), SSLConfigurationSet()
relationship ServerDefinition as OAuth2.ServerDefinition [ Inverse = Clients , Cardinality = one ];
ServerDefinition is the reference to the OAuth2.ServerDefinition object which describes the authorization server to be used for this client.
Property methods: ServerDefinitionCheck(), ServerDefinitionDelete(), ServerDefinitionGet(), ServerDefinitionGetObject(), ServerDefinitionGetObjectId(), ServerDefinitionGetStored(), ServerDefinitionGetSwizzled(), ServerDefinitionIsValid(), ServerDefinitionNewObject(), ServerDefinitionOnDelete(), ServerDefinitionRClose(), ServerDefinitionRExec(), ServerDefinitionRFetch(), ServerDefinitionRelate(), ServerDefinitionSQLCompute(), ServerDefinitionSQLFKeyExists(), ServerDefinitionSQLFKeyRefAction(), ServerDefinitionSet(), ServerDefinitionSetObject(), ServerDefinitionSetObjectId(), ServerDefinitionUnRelate(), ServerDefinitionUnSwizzle()
property SigningAlgorithm as %String (VALUELIST = ",RS256,RS384,RS512");
**** Replaced by OAuth2.Client.Metadata properties when dynamic client support introduced
SigningAlgorithm specifies the signing algorithm used to create JWSs or "" if JWTs are not to be signed. See %OAuth2.JWT for the list of supported algorithms.
Property methods: SigningAlgorithmDisplayToLogical(), SigningAlgorithmGet(), SigningAlgorithmGetStored(), SigningAlgorithmIsValid(), SigningAlgorithmLogicalToDisplay(), SigningAlgorithmLogicalToOdbc(), SigningAlgorithmNormalize(), SigningAlgorithmSet()


classmethod DeleteId(id As %String) as %Status
Delete this client configuration.
classmethod Open(applicationName As %String, Output sc As %Status) as OAuth2.Client
Open an OAuth2.Client instance based on the applicationName ID property
method RotateKeys() as %Status
Rotate the client's public/private key pairs by adding a new key pair to the JWKS and saving the JWKS. At this time, all private keys are kept. In the future only a limited set of private keys will be kept.

Inherited Methods

%AddToSaveSet() %GUIDSet() %OriginalNamespace()
%AddToSyncSet() %GetLock() %PackageName()
%BMEBuilt() %GetParameter() %PhysicalAddress()
%CheckConstraints() %GetSwizzleObject() %PurgeIndices()
%CheckConstraintsForExtent() %Id() %Reload()
%ClassIsLatestVersion() %InsertBatch() %RemoveFromSaveSet()
%ClassName() %IsA() %ResolveConcurrencyConflict()
%ComposeOid() %IsModified() %RollBack()
%ConstructClone() %IsNull() %Save()
%Delete() %KillExtent() %SaveDirect()
%DeleteExtent() %KillExtentData() %SaveIndices()
%DeleteId() %LoadFromMemory() %SerializeObject()
%DispatchClassMethod() %LockExtent() %SetModified()
%DispatchGetModified() %LockId() %SortBegin()
%DispatchGetProperty() %New() %SortEnd()
%DispatchMethod() %NormalizeObject() %SyncObjectIn()
%DispatchSetModified() %ObjectIsNull() %SyncTransport()
%DispatchSetMultidimProperty() %ObjectModified() %UnlockExtent()
%DispatchSetProperty() %Oid() %UnlockId()
%Exists() %OnBeforeAddToSync() %ValidateIndices()
%ExistsId() %OnDetermineClass() %ValidateObject()
%Extends() %Open()
%GUID() %OpenId()


query List()
SQL Query:
SELECT ApplicationName, ClientType, DefaultScope FROM Client ORDER BY ApplicationName
List client applications for SMP page
query ListForServer(serverID As %String)
SQL Query:
SELECT ApplicationName, ClientType, DefaultScope FROM Client WHERE ServerDefinition->ID=:serverID ORDER BY ApplicationName
List client applications that use the sppecified server


index (IDIndex on ApplicationName) [IdKey, Type = key, Unique];
The IDKEY for the application class.
Index methods: IDIndexCheck(), IDIndexDelete(), IDIndexExists(), IDIndexOpen(), IDIndexSQLCheckUnique(), IDIndexSQLExists(), IDIndexSQLFindPKeyByConstraint(), IDIndexSQLFindRowIDByConstraint()


Storage Model: CacheStorage (OAuth2.Client)