Soufiane Amroun · Nov 10, 2017

Oauth2 validate method

Hi community

i'm working on the validation user method , i found this following  code in the  \HSIE\%SYS\Classes\%OAuth2\Server\Validate.cls  

ClassMethod ValidateUser(username As %String, password As %String, scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output sc As %Status) As %Boolean
    // Check if user is defined.
    // We use local Cache user list as the shipped default.
    If '##class(Security.Users).Exists(username,.user,.sc) || $$$ISERR(sc) {
        If $$$ISERR(sc),$$$GETERRORCODE(sc)=$$$ERRORCODE($$$UserDoesNotExist) {
            Set sc=$$$OK
        Quit 0
    // Check the password
    If password'="",'##class(Security.Users).CheckPassword(user,password) {
        Quit 0
    // Get the properties associated with this user.
    Set sc=##class(Security.Users).GetProperties(user,.prop)
    If $$$ISERR(sc) Quit 0

    // Use the Cache roles for the user to setup a custom property.
    Set sc=##class(Security.Roles).RecurseRoleSet(prop("Roles"),.roles)
    If $$$ISERR(sc) Quit 0
    set roles=prop("Roles")
    Do properties.CustomProperties.SetAt(roles,"roles")

    // Setup claims for profile and email OpenID Connect scopes.
    Do properties.SetClaimValue("sub",username)
    Do properties.SetClaimValue("preferred_username",username)
    If $get(prop("EmailAddress"))'="" {
        Do properties.SetClaimValue("email",prop("EmailAddress"))
        Do properties.SetClaimValue("email_verified",0,"boolean")
    If $get(prop("FullName"))'="" {
        Do properties.SetClaimValue("name",prop("FullName"))
    If $get(prop("PhoneNumber"))'="" {
        Do properties.SetClaimValue("phone_number",prop("PhoneNumber"))
        Do properties.SetClaimValue("phone_number_verified",0,"boolean")
    // Setup claim for when user last updated.
    If $get(prop("LastModifiedDateTime"))'="" {
        Set time=##class(%OAuth2.Utils).TimeInSeconds(prop("LastModifiedDateTime"),0)
        Do properties.SetClaimValue("updated_at",time,"number")
    Quit 1

but i want implement this method on my own user's database , so how i can i adapt it in my code.


1 0 2 409
Log in or sign up to continue


You should be able to create a new class in whatever database you're doing this in, no parent class needed.
Within that class define a ValidateUser class method as above. It should check their credentials and confirm a user exists. If you're using the Caché users table you can use the example above, otherwise you'll need to open the relevant person class and pull the relevant fields from there. Then set the claims that you want to send back to the client based on which scopes you're using. You can set claims with:

Do properties.SetClaimValue("name",tUser.Name)

You can check scopes with something like:


Then in the portal under System Admin -> Security -> OAuth2 -> Server. Go to the Customization tab and change the Validate User Class to your new class name. That will make the OAuth processing look there for a ValidateUser method and call it.



Thank you so much orion  for help  ;)