· Jan 15, 2018

Access token storage

Hi community ,

i work actually on the access token generation method , i want know where the generated access token are saved ?

My [OAuth2.AccessToken]  tabe is empty , it's logical?

thank's for helping .

Best regards

Discussion (5)0
Log in or sign up to continue

If you are generating access tokens, then you are probably on the server where the access tokens are stored in OAuth2.Server.AccessToken.  OAuth2.AccessToken is where the access tokens are stored on the client. 

Both of these tables must be accessed from the %SYS namespace and privileges to access CACHESYS database are required.

Hello Martin,

Thank you for your response. I'm working with Sofiane on OAuth2 implementation.

Actually we manage to generate tokens on the authorization server level. we found our tokens stored in OAuth2.Server.AccessToken.  

Then when we try to autorize a client to use a resource from the resource server . we use the  ##class(%SYS.OAuth2.AccessToken).IsAuthorized method . But it always return a 0 value even when we use an access token which existing in OAuth2.Server.AccessToken table

I checked the OAuth2.AccessToken but i found it empty. 

Any clue about this issue ?

Thank you in advance

Consider the flow of the access token:

1. Client requests the access token.

2. authorization server authenticates user and issues token

3. client receives token -- IsAuthorized will now return 1 in the same CSP session

4. client uses access token in Authorization header to authorize to resource server.

5. The resource server knows nothing about the access token at this point.  In order to validate the access token, the resource server either needs to check signatures (%SYS.OAuth2.Validation:ValidateJWT) or contact the authorization server (%SYS.OAuth2.AccessToken methods GetUserinfo or GetIntrospection).  Exactly which method to use depends on how the authorization server is configured. The standards do not specify in detail.  You need to contact the authorization server support folks.

Hello Martin,

Thank you for your valuable help

Actually i'm at step 4. I tried to use everyone of the methods that you mentionned to validate the access token. but each time i get this error displayed : "error": "ERREUR #5002: Erreur Cache: <UNDEFINED>zGetUserinfo+10^%SYS.OAuth2.AccessToken.1 *applicationName", eventhough i used the same application name for the first 3 steps and it worked just fine.

ANy idea about this issue ? thank you in advance

Best regards