class Ens.Util.OAuth2.Settings
extends %RegisteredObject
This class is used to add the necessary OAuth2 property
settings to adapters/host items.
The initial implementation allows EMail adapters to
use SASL XOAUTH2.
parameter DEFAULTOAUTH2CALLBACKHANDLER = "Ens.Util.OAuth2.Handler";
Default OAuth2 Call Back Handler class.
parameter SETTINGS = "OAuth2ApplicationName:OAuth2,OAuth2GrantType:OAuth2,OAuth2CallBackHandler:OAuth2,OAuth2Scope:OAuth2,OAuth2AuthProperties:OAuth2,OAuth2JWTSubject:OAuth2 Grant Specific,OAuth2AuthorizationWorkFlowRole:OAuth2";
Expose the properties by default.
property OAuth2ApplicationName
as %String(MAXLEN=128);
Optional - OAuth2 Client Configuration Application name to use.
If specified, subclasses can use this as an indication that OAUTH2 is to be used,
and the name is used in the Authorization and Access Token retrieval process.
property OAuth2AuthProperties
as %String(MAXLEN="") [ InitialExpression = "access_type=offline" ];
Optional - extra properties to include in the grant flow authorization process.
Comma-separated key=value pairs such as access_type=offline,prompt=consent
property OAuth2AuthorizationWorkFlowRole
as %String [ InitialExpression = $$$EnsWFRoleOAuth2Authorizers ];
Optional - This is the Workflow Role to which authorization requests will be sent, depending on the Grant Type flow.
property OAuth2CallBackHandler
as %String(MAXLEN=64) [ InitialExpression = ..#DEFAULTOAUTH2CALLBACKHANDLER ];
If OAuth2ApplicationName is specified, this class is used to handle obtaining the access token.
The default is Ens.Util.OAuth2.Handler, which can be subclassed to customize access token retrieval.
property OAuth2GrantType
as %String(DISPLAYLIST=",Authorization Code,Client Credentials,JWT Authorization",VALUELIST=",AuthCode,ClientCredentials,JWTAuth") [ InitialExpression = "AuthCode" ];
If using OAUTH2, this is the grant type flow that the OAuth2CallBackHandler will follow.
Ability to follow the grant flow type will depend on the OAuth2CallBackHandler as well as IRIS and
the external OAuth2 server's support for the grant type flow.
property OAuth2GrantTypeSpecific
as %DynamicObject;
Dynamic Object containing optional Grant Type specific values, for example pGrantTypeSpecific.JWTAuth.Subject.
It is constructed from other properties, currently OAuth2JWTSubject.
property OAuth2JWTSubject
as %String(MAXLEN=256);
Optional - This is the JWT Subject when using the JWT Authorization Grant Type flow.
property OAuth2Scope
as %String(MAXLEN=256);
Optional - Specify the scope to be included in the authorization request.
If not specified, the default scope specified in the OAuth2 Client Configuration Application name is used.
property OAuth2SessionId
as %String(MAXLEN=50);
This is the OAuth2 session Id (different from Interoperability Message Session Id)
which is combined with the OAuth2 Application name to identify the Access Token source.
The maximum length is 50 characters. If the Id is shared with other host items, it is necessary to
ensure the authorization is appropriate.
A custom value cannot include ||.
If none is specified, the combination of namespace, production and config name is used to create an
instance-wide unique string.
method OAuth2CallBackHandlerSet(tOAuth2CallBackHandler As %String)
as %Status
Check that the OAuth2 Call Back Handler class extends the system default OAuth2 Call Back Handler class.
method OAuth2GrantTypeSpecificGet()
as %String
Construct Grant Type specific dynamic object.
method OAuth2SessionIdGet()
as %String
If not set, use the default obtained from the method GetDefaultSessionIdForRunningHostItem()
in the OAuth2 Call Back Handler class.
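
Added example (not InterSystems code): a Python check over exported host-item settings that applies the constraints documented above for OAuth2GrantType, OAuth2AuthProperties and OAuth2SessionId, and flags host items that share one Access Token source (application name plus session Id) while requesting different scopes. The dict keys mirror the property names on this page; the ConfigName key, the sample values, and the treatment of an unset session Id as a per-item default are assumptions.

```python
from collections import defaultdict
GRANT_TYPES = {"AuthCode", "ClientCredentials", "JWTAuth"}  # VALUELIST of OAuth2GrantType

def parse_auth_properties(raw):
    """Split OAuth2AuthProperties ("k=v,k=v") into a dict; reject malformed pairs."""
    props = {}
    for pair in filter(None, (p.strip() for p in raw.split(","))):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed auth property {pair!r}")
        props[key] = value
    return props

def audit(items):
    """Return (config name, finding) tuples for a list of host-item setting dicts."""
    findings, sources = [], defaultdict(list)
    for it in items:
        name, app = it["ConfigName"], it.get("OAuth2ApplicationName", "")
        if not app:
            continue  # no application name: OAuth2 is not in use for this item
        if it.get("OAuth2GrantType", "AuthCode") not in GRANT_TYPES:
            findings.append((name, "unknown grant type"))
        try:
            parse_auth_properties(it.get("OAuth2AuthProperties", "access_type=offline"))
        except ValueError as err:
            findings.append((name, str(err)))
        sid = it.get("OAuth2SessionId", "")
        if "||" in sid or len(sid) > 50:
            findings.append((name, "invalid custom session id"))
        # Assumption: an unset session id resolves to a default unique to this item.
        sources[(app, sid or f"<default:{name}>")].append(it)
    for (app, sid), group in sources.items():
        if len(group) > 1 and len({g.get("OAuth2Scope", "") for g in group}) > 1:
            msg = f"shares token source {app}/{sid}, scopes differ"
            findings += [(g["ConfigName"], msg) for g in group]
    return findings

# Constructed sample settings; application, scope and item names are made up.
SAMPLE = [
    {"ConfigName": "MailIn", "OAuth2ApplicationName": "MailApp",
     "OAuth2SessionId": "shared-mail", "OAuth2Scope": "mail.read"},
    {"ConfigName": "MailOut", "OAuth2ApplicationName": "MailApp",
     "OAuth2SessionId": "shared-mail", "OAuth2Scope": "mail.send",
     "OAuth2AuthProperties": "access_type=offline,prompt"},
    {"ConfigName": "Alerts", "OAuth2ApplicationName": "MailApp",
     "OAuth2SessionId": "a||b", "OAuth2GrantType": "Password"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```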