OpenID Class

Properties   Methods   Events   Config Settings   Errors  

The OpenID class is used to verify the identify of a user as well as get basic profile information.

Syntax

ipworksauth.openid()

Remarks

The OpenID class implements an OpenID Connect (OIDC) Relying Party (RP) capable of authenticating a user and retrieving user information. OIDC is a simple identity layer on top of OAuth 2.0 and re-uses much of the functionality and concepts defined by OAuth 2.0.

To begin using the class you will first need to register your application with the service you want to use. During this process you should obtain a ClientId and ClientSecret. The following sections discuss the typical steps to verify the identity of a user and obtain profile information.

Get the Discovery Document

Many OpenID Providers (OPs) provide information via a Discovery Document. The discovery document defines information such as the endpoint URLs for authentication, tokens, and user information requests. Additionally, details about parameters such as supported authorization scopes are defined in this document. The document is found at a URL which can be fetched and parsed by calling the GetDiscoveryDoc method.

The discovery document URL is typically published by an OpenID Provider (OP) and must be known before calling this method. The format of the URL is standardized and typically takes the form:

https://www.youropenidserver.com/.well-known/openid-configuration

Call GetDiscoveryDoc before calling GetAuthorization to populate the class properties with information required to complete the authorization. The retrieved information includes endpoint URLs as well as the OpenID public certificates used to verify the signature on the ID Token. After calling this method the following properties are populated:

• ServerAuthURL
• ServerTokenURL
• ServerUserInfoURL
• SignerCertURL

The above values may be stored, and later populated from the stored values, to avoid the requirement of calling GetDiscoveryDoc on subsequent authorization requests.

The following discovery document fields are populated after GetDiscoveryDoc returns:

• DiscoveryDocDetailsAuthorizationURL
• DiscoveryDocDetailsClaimsParamSupported
• DiscoveryDocDetailsIssuer
• DiscoveryDocDetailsSignerCertURL
• DiscoveryDocDetailsRegistrationURL
• DiscoveryDocDetailsServiceDocsURL
• DiscoveryDocDetailsSupportedClaims
• DiscoveryDocDetailsSupportedDisplays
• DiscoveryDocDetailsSupportedGrantTypes
• DiscoveryDocDetailsSupportedResponseTypes
• DiscoveryDocDetailsSupportedScopes
• DiscoveryDocDetailsTokenURL
• DiscoveryDocDetailsUserInfoURL

To access values not automatically parsed by the class the XPath configuration setting may be set to retrieve a specific value. Alternatively the RawJSON setting returns the entire JSON document which may be parsed separately.

Note: Calling GetDiscoveryDoc is not mandatory. If server information was stored from a previous call or is otherwise known ahead of time the following properties may be set in place of calling GetDiscoveryDoc:

• ServerAuthURL
• ServerTokenURL
• ServerUserInfoURL
• SignerCertURL or SignerCert

Examples of the above points: openid.GetDiscoveryDoc("https://accounts.google.com/.well-known/openid-configuration"); // ... or ... openid.ServerAuthURL = "https://accounts.google.com/o/oauth2/v2/auth"; openid.ServerTokenURL = "https://oauth2.googleapis.com/token"; openid.ServerUserInfoURL = "https://openidconnect.googleapis.com/v1/userinfo"; openid.SignerCertURL = "https://www.googleapis.com/oauth2/v3/certs"; // ... or ... string rawjson = openid.Config("RawJSON");

Get Authorization

Before calling GetAuthorization the class may be configured for one of several flows defined by the GrantType property. These flows determine which information is returned by the authorization server and which information (if any) is returned by the Token server.

Possible values for GrantType are:

• 0 (Authorization Code - Default)
• 1 (Implicit)
• 2 (Hybrid)

When using 0 (Authorization Code Flow - Default), an authorization code is returned from the ServerAuthURL and the class automatically contacts the ServerTokenURL and exchanges the authorization code for an ID Token and access token.

When using 1 (Implicit Flow), the ServerAuthURL returns an ID Token and access token directly. This is only recommended for implementations that are in-browser, as this potentially exposes the tokens to the end-user and user agent itself.

When using 2 (Hybrid Flow), an authorization code and potentially one or more tokens are returned by the ServerAuthURL. The class will automatically contact the ServerTokenURL to exchange the authorization code for an ID Token and access token.

When GrantType and any other optional settings are set as desired, call GetAuthorization.

GetAuthorization performs several operations automatically depending on the value of ClientProfile. Please see the introduction section for the OpenID class for a detailed overview of the typical scenarios.

After authorization is complete, UserDetails will be populated with the claims parsed from the ID Token. This method also returns an authorization string. The authorization string grants access to additional resources as requested via the AuthorizationScope property. If access to another resource was requested, then the access token returned here may be set in the Authorization property of any other class (or passed as the value of the HTTP Authorization header).

GetUserInfo may be called after calling this method.

The following properties are applicable when calling this method:

• ClientId (required)
• ClientSecret (required)
• ServerAuthURL (required - populated by GetDiscoveryDoc.)
• ServerTokenURL (required - populated by GetDiscoveryDoc.)
• SignerCertURL (conditional - populated by GetDiscoveryDoc. Required if SignerCert is not set.)
• SignerCert (conditional - required if SignerCertURL is not set.)
• AuthorizationScope
• ClientProfile
• GrantType
• Params
• RefreshToken
• ReturnURL
• State
• Timeout
• Display
• Prompt
• IdTokenHint
• LoginHint
• ResponseType

For the default Authorization Code flow, GetAuthorization could work like this: openid.ClientId = "client id"; openid.ClientSecret = "client secret"; openid.AuthorizationScope += " profile email"; // default value is 'openid' openid.State = "application state"; string authToken = openid.GetAuthorization();

Get User Info

When GetAuthorization returns, the UserDetails property is populated with information about the user as returned in the ID Token from the authorization server. An additional operation, GetUserInfo may optionally be called to query the ServerUserInfoURL for information about the user.

Before calling the GetUserInfo method, a successful call to GetAuthorization must be made. The access token returned by GetAuthorization is used by the OpenID provider at ServerUserInfoURL to identify the user for which claims are being retrieved.

When this method is called the class requests the claims about the user from the ServerUserInfoURL. The resulting claims are available in the UserDetails property.

Note: The GetUserInfo method will populate the UserDetails property with the claims returned in the ID Token during the authorization process. This method may not need to be called in order to access the desired claims about the user.

openid.GetUserInfo(); // ... use the user info in the remainder of your application ...

Client Profile Notes

The ClientProfile defines the environment in which the class is being used, and controls how the class behaves in order to best suit that environment. Choose the profile that is closest to the runtime environment.

The following client types are currently supported by the class:

• Application (desktop application)
• WebServer (server side application such as a web site)
• Device (an application without browser access such as a game console)
• Mobile (phone or tablet application)
• Browser (javascript application)
• JWT (server to server authentication using a JWT bearer token such as Google service account authentication)

Application Profile

The Application profile is applicable to applications that are run directly by the user. For instance, a Windows form application would use the Application profile. To authorize your application (client) using the Application profile, use the following steps:

First, set ClientProfile to ocpApplication. This defines the profile the class will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.

Second, call GetAuthorization to begin the authorization process. When GetAuthorization is called, the class will build the URL to which the user will be directed and fire the LaunchBrowser event. The class will then launch the browser using the command and URL shown in the LaunchBrowser event and await the response. The duration for which the class will wait for a response is defined by BrowserResponseTimeout.

Third, the user will interact with the browser to authenticate and grant access to the connecting application. The user will then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time, the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.

Fourth, the class will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.

The authorization is now complete and the GetAuthorization method will return the authorization string. The authorization string can then be used with any of our components by simply setting the returned value to the authorization property before making a request.

The following is a simple example: component.ClientId = "CLIENT_ID"; component.ClientSecret = "CLIENT_ID"; component.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth"; component.ServerTokenURL = "https://accounts.google.com/o/oauth2/token"; HTTP.Authorization = component.GetAuthorization(); HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");

Web Profile

The Web profile is applicable to applications that are run on the server side when the user uses the application from a web browser. To authorize your application (client) using this profile, use the following steps:

First, set ClientProfile to ocpWeb. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.

Second, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.

Third, after the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request to get the authorization code from the authorization server. Then, set AuthorizationCode property to the parsed value.

Fourth, after AuthorizationCode is set, call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization will then return the authorization string. The authorization string can be used with any of our components by simply setting the returned value to the authorization property before making a request.

For additional details for less common profile types please see ClientProfile.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

OpenID.AccessToken Property

The access token returned by the authorization server.

Syntax

getAccessToken(): string;
setAccessToken(accessToken: string): void;

Default Value

""

Remarks

This property will be populated with the access token returned by the authorization server after a call to GetAuthorization. This will be the raw access token, whereas the return value from the GetAuthorization method will also include the required data so that it can be passed directly to the Authorization property of other components or added as the value of the authorization header in another client implementation.

OpenID.AccessTokenExp Property

The lifetime of the access token.

Syntax

getAccessTokenExp(): number;

Default Value

0

Remarks

This setting holds the lifetime of the access token in seconds. For instance the value 3600 indicates that the token will expire in one hour from the time it was generated.

This property is read-only.

OpenID.AuthorizationCode Property

The authorization code that is exchanged for an access token.

Syntax

getAuthorizationCode(): string;
setAuthorizationCode(authorizationCode: string): void;

Default Value

""

Remarks

This property is used with the AuthorizationCode GrantType. When ClientProfile is set to ocpApplication (Application flow), this property will be informational only, as the GetAuthorization method will automatically exchange this code for a token with the authorization server specified in ServerTokenURL.

When ClientProfile is set to ocpWeb (Web flow), this property needs to be set to the authorization code returned from the authorization server. Typically, this value is parsed when the service redirects the user back to your website. See ClientProfile for more information.

If this property is set before calling GetAuthorization, the class will not make a request to the authorization sever and instead will attempt to exchange the code with the authorization server for an access token.

This property is not available at design time.

OpenID.AuthorizationScope Property

The authorization scope used during authorization.

Syntax

getAuthorizationScope(): string;
setAuthorizationScope(authorizationScope: string): void;

Default Value

"openid"

Remarks

This property specifies the authorization scopes sent in the authorization request. The value specified here must be a space separated list of scopes. For instance openid profile email.

The openid scope is always required to be present. The default value is openid.

After calling GetAuthorization this property will be updated with the scope sent in the response from the server and will indicate the scope that was actually granted.

OpenID.ClientId Property

The Id of the client assigned when registering the application.

Syntax

getClientId(): string;
setClientId(clientId: string): void;

Default Value

""

Remarks

This property holds the Id of the client that was assigned when initially registering the application with the authorization server. This value must be specified before calling GetAuthorization or GetAuthorizationURL.

OpenID.ClientProfile Property

The type of client that is requesting authorization.

Syntax

getClientProfile(): OpenIDClientProfiles;
setClientProfile(clientProfile: OpenIDClientProfiles): void;

enum OpenIDClientProfiles {
  ocpApplication,
  ocpWeb,
  ocpDevice,
  ocpMobile,
  ocpJWT
}

Default Value

0

Remarks

This defines the type of client that will be requesting authorization. Set this before calling GetAuthorization to inform the class to act accordingly. Possible values are as follows:

Application Profile

The Application profile is applicable to applications that are run directly by the user. For instance, a Windows form application would use the Application profile. To authorize your application (client) using the Application profile, use the following steps:

First, set ClientProfile to ocpApplication. This defines the profile the class will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.

Second, call GetAuthorization to begin the authorization process. When GetAuthorization is called, the class will build the URL to which the user will be directed and fire the LaunchBrowser event. The class will then launch the browser using the command and URL shown in the LaunchBrowser event and await the response. The duration for which the class will wait for a response is defined by BrowserResponseTimeout.

Third, the user will interact with the browser to authenticate and grant access to the connecting application. The user will then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time, the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.

Fourth, the class will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.

The authorization is now complete and the GetAuthorization method will return the authorization string. The authorization string can then be used with any of our components by simply setting the returned value to the authorization property before making a request.

The following is a simple example: component.ClientId = "CLIENT_ID"; component.ClientSecret = "CLIENT_ID"; component.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth"; component.ServerTokenURL = "https://accounts.google.com/o/oauth2/token"; HTTP.Authorization = component.GetAuthorization(); HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");

Web Profile

The Web profile is applicable to applications that are run on the server side when the user uses the application from a web browser. To authorize your application (client) using this profile, use the following steps:

First, set ClientProfile to ocpWeb. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.

Second, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.

Third, after the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request to get the authorization code from the authorization server. Then, set AuthorizationCode property to the parsed value.

Fourth, after AuthorizationCode is set, call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization will then return the authorization string. The authorization string can be used with any of our components by simply setting the returned value to the authorization property before making a request.

Device Profile

The Device profile is applicable to applications that are run on devices for which a web browser cannot be used. For example, a game console would use the Device profile. To authorize your application (client) using the device client profile use the following steps:

First, set ClientProfile to ocpDevice. This defines the profile the class will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Do not set ReturnURL.

Second, call GetAuthorizationURL. The class will automatically make a request to ServerAuthURL to obtain a user code for the device. The GetAuthorizationURL method will return the URL your user must visit from another device or computer that has web browser support. The GetAuthorizationURL method will also populate DeviceUserCode. This device user code must be provided to the user. The user will enter the code at the URL returned by GetAuthorizationURL.

Third, at this time, call GetAuthorization. The class will begin polling the server specified in ServerTokenURL. The polling interval is specified (in seconds) by the PollingInterval setting.

Fourth, after the user has authenticated, the GetAuthorization method will return the authorization string. To use the authorization string with any of our components, simply pass this value to the authorization property before making the request.

Mobile Profile

The Mobile profile is applicable to applications that are run on devices for which a web browser can be used. For instance, a mobile phone or tablet would use the Mobile profile. The behavior when using this profile is very similar to the Application profile. The only difference between the Mobile and Application profiles is the way the browser is launched. When set to the Mobile profile, the LaunchBrowser event will fire but the class will not attempt to launch the browser automatically. The browser must be launched manually from code. This behavior is the only difference between the Mobile and Application profiles. Please read the steps for the Application profile for a more detailed look at the process.

JWT Bearer Token (Server-to-Server) Profile

The JWT (JSON Web Token) Bearer Token profile is available for server-to-server authentication. For instance this may be used by web applications to access a Google service. In this case, the application will access data on behalf of the service account, not the end user. End-user interaction is not required.

First, specify AuthorizationScope ServerTokenURL and JWTServiceProvider.

Second, specify JWT-specific values. The use of the JWT profile also requires additional configuration settings to be specified, including a certificate with private key used to sign the JWT. Either specify the JWTJSONKey configuration setting, which will parse the necessary information automatically, or manually specify the following configuration settings:

• JWTIssuer (required)
• JWTAudience (required)
• JWTCertStoreType (required)
• JWTCertStore (required)
• JWTCertStorePassword (required)
• JWTCertSubject (required)
• JWTSubject
• JWTValidityTime
• JWTSignatureAlgorithm

Example 1. Google: oauth.AuthorizationScope = "https://www.googleapis.com/auth/analytics"; oauth.ServerTokenURL = "https://www.googleapis.com/oauth2/v3/token"; oauth.ClientProfile = OauthClientProfiles.ocpJWT; oauth.Config("JWTServiceProvider=0"); oauth.Config("JWTIssuer=CLIENT_ID"); oauth.Config("JWTAudience=https://www.googleapis.com/oauth2/v3/token"); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=5400"); //in seconds string authStr = oauth.GetAuthorization();

Example 2. Microsoft: oauth.ClientId = "Client_Id"; oauth.ClientProfile = OauthClientProfiles.ocpJWT; oauth.AuthorizationScope = "https://graph.microsoft.com/.default"; oauth.ServerTokenURL = "https://login.microsoftonline.com/" + tenant_id + "/oauth2/V2.0/token"; oauth.Config("JWTServiceProvider=1"); oauth.Config("JWTIssuer=" + CLIENT_ID); oauth.Config("JWTSubject=" + CLIENT_ID); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=3600"); oauth.Config("JWTAudience=https://login.microsoftonline.com/"+ tenant_id + "/oauth2/V2.0/token"); string authStr = oauth.GetAuthorization();

OpenID.ClientSecret Property

The secret value for the client assigned when registering the application.

Syntax

getClientSecret(): string;
setClientSecret(clientSecret: string): void;

Default Value

""

Remarks

This property holds the secret of the client that was assigned when initially registering the application with the authorization server. This value must be specified before calling GetAuthorization or GetAuthorizationURL.

OpenID.Connected Property

Whether the class is connected.

Syntax

isConnected(): boolean;

Default Value

FALSE

Remarks

This property is used to determine whether or not the class is connected to the remote host. Use the Connect and Disconnect methods to manage the connection.

This property is read-only and not available at design time.

OpenID.Cookies Property

A collection of cookies.

Syntax

getCookies(): HTTPCookieList;
setCookies(cookies: HTTPCookieList): void;

Default Value

Remarks

This property contains a collection of cookies. To add cookies to outgoing HTTP requests, add cookies (of type HTTPCookie) to this collection.

To see cookies that are set by the server, use the SetCookie event, which displays the cookies and their properties as set by the server. Those cookies also are added to Cookies.

MaxHTTPCookies can be used to control the maximum number of cookies saved.

This property is not available at design time.

OpenID.DiscoveryDocDetails Property

Details about the OpenID provider's discovery document.

Syntax

getDiscoveryDocDetails(): DiscoveryDocDetails;

Default Value

Remarks

This property holds details parsed from the discovery document after GetDiscoveryDoc is called. See GetDiscoveryDoc for more details.

This property is read-only and not available at design time.

OpenID.Firewall Property

A set of properties related to firewall access.

Syntax

getFirewall(): Firewall;
setFirewall(firewall: Firewall): void;

Default Value

Remarks

This is a Firewall-type property, which contains fields describing the firewall through which the class will attempt to connect.

OpenID.FollowRedirects Property

Determines what happens when the server issues a redirect.

Syntax

getFollowRedirects(): OpenIDFollowRedirects;
setFollowRedirects(followRedirects: OpenIDFollowRedirects): void;

enum OpenIDFollowRedirects {
  frNever,
  frAlways,
  frSameScheme
}

Default Value

0

Remarks

This property determines what happens when the server issues a redirect. Normally, the class returns an error if the server responds with an "Object Moved" message. If this property is set to frAlways (1), the new URL for the object is retrieved automatically every time.

If this property is set to frSameScheme (2), the new URL is retrieved automatically only if the URLScheme is the same; otherwise, the class .

Note: Following the HTTP specification, unless this property is set to frAlways (1), automatic redirects will be performed only for GET or HEAD requests. Other methods potentially could change the conditions of the initial request and create security vulnerabilities.

Furthermore, if either the new URL server or port are different from the existing one, User and Password are also reset to empty. If, however, this property is set to frAlways (1), the same credentials are used to connect to the new server.

A Redirect event is fired for every URL the product is redirected to. In the case of automatic redirections, the Redirect event is a good place to set properties related to the new connection (e.g., new authentication parameters).

The default value is frNever (0). In this case, redirects are never followed, and the class instead.

OpenID.GrantType Property

The grant type defining the authentication flow.

Syntax

getGrantType(): OpenIDGrantTypes;
setGrantType(grantType: OpenIDGrantTypes): void;

enum OpenIDGrantTypes {
  ogtAuthorizationCode,
  ogtImplicit,
  ogtHybrid
}

Default Value

0

Remarks

This property defines the grant type used when performing authentication. The value specified here controls the authentication flow.

Possible values for GrantType are:

• 0 (Authorization Code - Default)
• 1 (Implicit)
• 2 (Hybrid)

When using 0 (Authorization Code Flow - Default), an authorization code is returned from the ServerAuthURL and the class automatically contacts the ServerTokenURL and exchanges the authorization code for an ID Token and access token.

When using 1 (Implicit Flow), the ServerAuthURL returns an ID Token and access token directly. This is only recommended for implementations that are in-browser, as this potentially exposes the tokens to the end-user and user agent itself.

When using 2 (Hybrid Flow), an authorization code and potentially one or more tokens are returned by the ServerAuthURL. The class will automatically contact the ServerTokenURL to exchange the authorization code for an ID Token and access token.

Additional Notes

The response_type request parameter is automatically set based on the value specified here. In some cases multiple values are acceptable and a default value is chosen automatically. To explicitly specify a response_type value for the chosen grant type set ResponseType after setting this property.

OpenID.Idle Property

The current status of the class.

Syntax

isIdle(): boolean;

Default Value

TRUE

Remarks

This property will be False if the component is currently busy (communicating or waiting for an answer), and True at all other times.

This property is read-only.

OpenID.IdTokenInfo Property

Information about the current ID Token.

Syntax

getIdTokenInfo(): IdTokenInfo;

Default Value

Remarks

This property holds details about the ID Token.

When GetAuthorization is called, this property is populated with the claims from the ID Token.

This property is read-only and not available at design time.

OpenID.LocalHost Property

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

getLocalHost(): string;
setLocalHost(localHost: string): void;

Default Value

""

Remarks

This property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the class initiate connections (or accept in the case of server classs) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the class is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

OpenID.OtherHeaders Property

Other headers as determined by the user (optional).

Syntax

getOtherHeaders(): string;
setOtherHeaders(otherHeaders: string): void;

Default Value

""

Remarks

This property can be set to a string of headers to be appended to the HTTP request headers created from other properties like ContentType and From.

The headers must follow the format Header: Value as described in the HTTP specifications. Header lines should be separated by .

Use this property with caution. If this property contains invalid headers, HTTP requests may fail.

This property is useful for extending the functionality of the class beyond what is provided.

This property is not available at design time.

OpenID.Params Property

The parameters to be included in the request to the authorization server or received in the response.

Syntax

getParams(): OAuthParamList;
setParams(params: OAuthParamList): void;

Default Value

Remarks

This property is a collection of query string parameters to be added in the request when creating the authorization URL. This will also hold the parameters returned in the response.

This property is not available at design time.

OpenID.Proxy Property

A set of properties related to proxy access.

Syntax

getProxy(): Proxy;
setProxy(proxy: Proxy): void;

Default Value

Remarks

This property contains fields describing the proxy through which the class will attempt to connect.

OpenID.RefreshToken Property

The refresh token received from or sent to the authorization server.

Syntax

getRefreshToken(): string;
setRefreshToken(refreshToken: string): void;

Default Value

""

Remarks

When GetAuthorization is called, if the authorization server returns a refresh token along with the access token, this property will hold the refresh token. Save this value for later use.

When your access token expires, set this property to the corresponding refresh token. Then call GetAuthorization, and the class will use this token to retrieve a new access token. The new authorization string will be returned by the GetAuthorization method. No user interaction is required when refreshing an access token.

OpenID.ReturnURL Property

The URL where the user (browser) returns after authenticating.

Syntax

getReturnURL(): string;
setReturnURL(returnURL: string): void;

Default Value

""

Remarks

When ClientProfile is set to ocpApplication, this will be automatically set to the address of the local embedded web server. In that case, this property can be inspected to determine the URL where the user will be redirected, but it does not need to be set.

When calling GetAuthorizationURL, which is common when ClientProfile is set to ocpWeb, set this property to the URL on your server where the user will be redirected after authenticating with the authorization server.

This property corresponds to the redirect_uri query string parameter.

OpenID.ServerAuthURL Property

The URL of the authorization server.

Syntax

getServerAuthURL(): string;
setServerAuthURL(serverAuthURL: string): void;

Default Value

""

Remarks

This property specifies the URL of the authorization server used when GetAuthorization is called. This value is used when constructing the URL to which the user will be redirected to authenticate and grant access.

This should be specified before calling GetAuthorization.

OpenID.ServerTokenURL Property

The URL used to obtain the access token.

Syntax

getServerTokenURL(): string;
setServerTokenURL(serverTokenURL: string): void;

Default Value

""

Remarks

The property specifies the URL where the grant will be exchanged for the access token. This is typically a separate HTTP endpoint on the authorization server.

This must be set before calling GetAuthorization.

OpenID.ServerUserInfoURL Property

The URL of the OpenID provider's user info endpoint.

Syntax

getServerUserInfoURL(): string;
setServerUserInfoURL(serverUserInfoURL: string): void;

Default Value

""

Remarks

This property holds the URL of the OpenID provider's user info endpoint. This value is required when calling GetUserInfo.

This property is populated when GetDiscoveryDoc is called.

OpenID.SignerCert Property

The JWT public signer certificate.

Syntax

getSignerCert(): Certificate;
setSignerCert(signerCert: Certificate): void;

Default Value

Remarks

This property specifies the public certificate of JWT signer. When GetAuthorization is called, the returned ID Token is typically signed. The public certificate specified in this property is used to verify the signature.

If this property is not set, the certificate is automatically retrieved from the SignerCertURL.

OpenID.SignerCertURL Property

The URL of the OpenID provider's signing certificate.

Syntax

getSignerCertURL(): string;
setSignerCertURL(signerCertURL: string): void;

Default Value

""

Remarks

This property holds the URL of the OpenID provider's signing certificate. The signing certificate is used to verify the signature of the ID Token returned when calling GetAuthorization.

When calling GetAuthorization either SignerCertURL or SignerCert must be specified.

This property is populated when GetDiscoveryDoc is called.

OpenID.SSLAcceptServerCert Property

Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.

Syntax

getSSLAcceptServerCert(): Certificate;
setSSLAcceptServerCert(SSLAcceptServerCert: Certificate): void;

Default Value

Remarks

If it finds any issues with the certificate presented by the server, the class will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Note: This functionality is provided only for cases in which you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

OpenID.SSLCert Property

The certificate to be used during Secure Sockets Layer (SSL) negotiation.

Syntax

getSSLCert(): Certificate;
setSSLCert(SSLCert: Certificate): void;

Default Value

Remarks

This property includes the digital certificate that the class will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the field to the encoded certificate. To select a certificate, use the store and subject fields.

OpenID.SSLProvider Property

The Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation to use.

Syntax

getSSLProvider(): OpenIDSSLProviders;
setSSLProvider(SSLProvider: OpenIDSSLProviders): void;

enum OpenIDSSLProviders {
  sslpAutomatic,
  sslpPlatform,
  sslpInternal
}

Default Value

0

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic), the class will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are as follows:

In most cases using the default value (Automatic) is recommended. The class will select a provider depending on the current platform.

When Automatic is selected, the platform implementation will be used by default in all cases in the JavaScript edition.

Note: The internal provider is not support at this time.

OpenID.SSLServerCert Property

The server certificate for the last established connection.

Syntax

getSSLServerCert(): Certificate;

Default Value

Remarks

This property contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.

This property is read-only.

OpenID.State Property

The opaque value used to maintain state between the request and response.

Syntax

getState(): string;
setState(state: string): void;

Default Value

""

Remarks

This property optionally holds a string value which will be returned by the authorization server with the response.

Any value may be specified here and it will be returned exactly as it was sent. This can be used to maintain state within the application, and also may be used for security purposes (for instance to prevent Cross-Site Request Forgery). The contents of this property are treated as an opaque value.

When ClientProfile is set to ocpApplication the ReturnURL event provides the state value returned by the authorization server.

OpenID.Timeout Property

The timeout for the class.

Syntax

getTimeout(): number;
setTimeout(timeout: number): void;

Default Value

60

Remarks

If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If Timeout is set to a positive value, the class will wait for the operation to complete before returning control.

The class will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the class .

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

OpenID.TransferredData Property

The contents of the last response from the server.

Syntax

getTransferredData(): Uint8Array;

Default Value

""

Remarks

This property contains the contents of the last response from the server.

TransferredDataLimit controls the maximum amount of data accumulated in TransferredData (by default, there is no limit).

This property is read-only and not available at design time.

OpenID.TransferredHeaders Property

The full set of headers as received from the server.

Syntax

getTransferredHeaders(): string;

Default Value

""

Remarks

This property returns the complete set of raw headers as received from the server.

The Header event shows the individual headers as parsed by the class.

This property is read-only and not available at design time.

OpenID.UsePKCE Property

Whether Proof Key for Code Exchange (PKCE) should be used.

Syntax

isUsePKCE(): boolean;
setUsePKCE(usePKCE: boolean): void;

Default Value

FALSE

Remarks

If specified, Proof Key for Code Exchange (PKCE) defined by RFC 7636 will be used when GetAuthorization is called. This applies when using the Authorization Code GrantType. The PKCEChallengeEncoding configuration setting can be used to control the code challenge method that will be used. When using the ocpWeb ClientProfile, the PKCEVerifier configuration setting can be used to get/set the verifier that was used to generate the challenge. See the PKCEVerifier documentation for more information.

OpenID.UserDetails Property

The claims about the user.

Syntax

getUserDetails(): UserDetails;

Default Value

Remarks

This property holds details about the user.

When GetAuthorization is called this property is populated with the claims from the ID Token.

When GetUserInfo is called this property is populated from the returned claims.

This property is read-only and not available at design time.

OpenID.WebServerPort Property

The local port on which the embedded web server listens.

Syntax

getWebServerPort(): number;
setWebServerPort(webServerPort: number): void;

Default Value

0

Remarks

This property specifies the port on which the embedded web server listens. Setting this to 0 (default) enables the system to choose a port at random. The chosen port will be returned when this setting is queried after the server has started listening. This is applicable only when using the embedded web server.

OpenID.WebServerSSLCert Property

The certificate with the private key to use when a Secure Sockets Layer (SSL) is enabled.

Syntax

getWebServerSSLCert(): Certificate;
setWebServerSSLCert(webServerSSLCert: Certificate): void;

Default Value

Remarks

This property specifies the certificate with the private key to use when the embedded web server is used. This setting is applicable only when WebServerSSLEnabled is set to True.

OpenID.WebServerSSLEnabled Property

Whether the web server requires Secure Sockets Layer (SSL) connections.

Syntax

isWebServerSSLEnabled(): boolean;
setWebServerSSLEnabled(webServerSSLEnabled: boolean): void;

Default Value

FALSE

Remarks

This setting specifies whether the embedded web server uses a Secure Sockets Layer (SSL). If set to True, WebServerSSLCert is required and the server will accept only SSL connections. If set to False, only plaintext connects are supported.

OpenID.addCookie Method

Adds a cookie and the corresponding value to the outgoing request headers.

Syntax

async openid.addCookie(cookieName : string, cookieValue : string): Promise<void>

Remarks

This method adds a cookie and the corresponding value to the outgoing request headers. Please refer to the Cookies property for more information on cookies and how they are managed.

OpenID.addParam Method

Adds a name-value pair to the query string parameters of the outgoing request.

Syntax

async openid.addParam(paramName : string, paramValue : string): Promise<void>

Remarks

This method can be used to add query string parameters to the outgoing request. One common use for this method would be to add the state parameter to the request, which can be used when the ClientProfile is ocpWeb to add user-defined data. The authorization server will include the state parameter in the response and will be available in the post back to your server, which will allow you to maintain state in your application.

OpenID.config Method

Sets or retrieves a configuration setting.

Syntax

async openid.config(configurationString : string): Promise<string>

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

OpenID.doEvents Method

This method processes events from the internal message queue.

Syntax

async openid.doEvents(): Promise<void>

Remarks

When DoEvents is called, the class processes any available events. If no events are available, it waits for a preset period of time, and then returns.

OpenID.getAuthorization Method

Gets the authorization string required to access the protected resource.

Syntax

async openid.getAuthorization(): Promise<string>

Remarks

GetAuthorization performs several operations automatically depending on the value of ClientProfile. Please see the introduction section for the OpenID class for a detailed overview of the typical scenarios.

After authorization is complete, UserDetails will be populated with the claims parsed from the ID Token. This method also returns an authorization string. The authorization string grants access to additional resources as requested via the AuthorizationScope property. If access to another resource was requested, then the access token returned here may be set in the Authorization property of any other class (or passed as the value of the HTTP Authorization header).

GetUserInfo may be called after calling this method.

The following properties are applicable when calling this method:

• ClientId (required)
• ClientSecret (required)
• ServerAuthURL (required - populated by GetDiscoveryDoc.)
• ServerTokenURL (required - populated by GetDiscoveryDoc.)
• SignerCertURL (conditional - populated by GetDiscoveryDoc. Required if SignerCert is not set.)
• SignerCert (conditional - required if SignerCertURL is not set.)
• AuthorizationScope
• ClientProfile
• GrantType
• Params
• RefreshToken
• ReturnURL
• State
• Timeout
• Display
• Prompt
• IdTokenHint
• LoginHint
• ResponseType

OpenID.getAuthorizationURL Method

Builds and returns the URL to which the user should be redirected for authorization.

Syntax

async openid.getAuthorizationURL(): Promise<string>

Remarks

When this method is called, the class will return the URL used for authorization. The class will not make any connections, but instead it will return the URL to you so that you may redirect the user to this location. This is useful when ClientProfile is set to ocpWeb. Before calling this method, set the following:

• ClientId
• ClientSecret
• ReturnURL
• AuthorizationScope (optional)

OpenID.getDiscoveryDoc Method

Gets the OpenID Discovery Document.

Syntax

async openid.getDiscoveryDoc(URL : string): Promise<void>

Remarks

This method gets the OpenID Connect Discovery Document specified by the URL parameter and parses the response. The discover document contains details about the OpenID Provider configuration including endpoint URLs, supported claims and response types, and more.

The discovery document URL is typically published by an OpenID Provider (OP) and must be known before calling this method. The format of the URL is standardized and typically takes the form:

https://www.youropenidserver.com/.well-known/openid-configuration

Call GetDiscoveryDoc before calling GetAuthorization to populate the class properties with information required to complete the authorization. The retrieved information includes endpoint URLs as well as the OpenID public certificates used to verify the signature on the ID Token. After calling this method the following properties are populated:

• ServerAuthURL
• ServerTokenURL
• ServerUserInfoURL
• SignerCertURL

The above values may be stored, and later populated from the stored values, to avoid the requirement of calling GetDiscoveryDoc on subsequent authorization requests.

The following discovery document fields are populated after GetDiscoveryDoc returns:

• DiscoveryDocDetailsAuthorizationURL
• DiscoveryDocDetailsClaimsParamSupported
• DiscoveryDocDetailsIssuer
• DiscoveryDocDetailsSignerCertURL
• DiscoveryDocDetailsRegistrationURL
• DiscoveryDocDetailsServiceDocsURL
• DiscoveryDocDetailsSupportedClaims
• DiscoveryDocDetailsSupportedDisplays
• DiscoveryDocDetailsSupportedGrantTypes
• DiscoveryDocDetailsSupportedResponseTypes
• DiscoveryDocDetailsSupportedScopes
• DiscoveryDocDetailsTokenURL
• DiscoveryDocDetailsUserInfoURL

To access values not automatically parsed by the class the XPath configuration setting may be set to retrieve a specific value. Alternatively the RawJSON setting returns the entire JSON document which may be parsed separately.

OpenID.getParam Method

Gets a specific parameter from a query string.

Syntax

async openid.getParam(paramName : string): Promise<string>

Remarks

This method can be used to get a specific parameter from a query string.

For example, when using the ocpApplication profile, this method can be used in the ReturnURL event to query the parameters that are returned from the authorization server. Then, it can be called after GetAuthorization completes to query the parameters that the token server responded with.

string authorizationString = oauth.GetAuthorization(); string stateValue = oauth.GetParam("state");

OpenID.getUserInfo Method

Retrieves claims about the user.

Syntax

async openid.getUserInfo(): Promise<void>

Remarks

This method retrieves claims about the user. Before calling the GetUserInfo method, a successful call to GetAuthorization must be made. The access token returned by GetAuthorization is used by the OpenID provider at ServerUserInfoURL to identify the user for which claims are being retrieved.

When this method is called the class requests the claims about the user from the ServerUserInfoURL. The resulting claims are available in the UserDetails property.

Note: The GetUserInfo method will populate the UserDetails property with the claims returned in the ID Token during the authorization process. This method may not need to be called in order to access the desired claims about the user.

openid.GetUserInfo(); // ... use the user info in the remainder of your application ...

OpenID.interrupt Method

This method interrupts the current method.

Syntax

async openid.interrupt(): Promise<void>

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

OpenID.reset Method

This method will reset the class.

Syntax

async openid.reset(): Promise<void>

Remarks

This method will reset the class's properties to their default values.

OpenID.startWebServer Method

Starts the embedded web server.

Syntax

async openid.startWebServer(): Promise<void>

Remarks

This method starts the embedded web server. This method can be used to manually start the embedded web server. Under normal circumstances, this is not needed as the component will automatically start and stop the web server when GetAuthorization is called. You may decide, however, to start the web server manually before calling GetAuthorization. When called, this method will also populate ReturnURL with the address of the embedded server.

OpenID.stopWebServer Method

Stops the embedded web server.

Syntax

async openid.stopWebServer(): Promise<void>

Remarks

This method stops the embedded web server. Under normal circumstances, the web server will be stopped automatically during the authorization process when GetAuthorization is called. If ReUseWebServer is set to True, the server will not be automatically stopped, and this method must be called to stop the embedded web server.

OpenID.Connected Event

Fired immediately after a connection completes (or fails).

Syntax

openid.on('Connected', listener: (e: {readonly statusCode: number, readonly description: string}) => void )

Remarks

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error.

Please refer to the Error Codes section for more information.

OpenID.ConnectionStatus Event

Fired to indicate changes in the connection state.

Syntax

openid.on('ConnectionStatus', listener: (e: {readonly connectionEvent: string, readonly statusCode: number, readonly description: string}) => void )

Remarks

This event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

OpenID.Disconnected Event

Fired when a connection is closed.

Syntax

openid.on('Disconnected', listener: (e: {readonly statusCode: number, readonly description: string}) => void )

Remarks

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error.

Please refer to the Error Codes section for more information.

OpenID.EndTransfer Event

Fired when a document finishes transferring.

Syntax

openid.on('EndTransfer', listener: (e: {readonly direction: number}) => void )

Remarks

This event is fired first when the client finishes sending data to the server (in a POST or PUT request) and then when the document text finishes transferring from the server to the local host.

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

OpenID.Error Event

Fired when information is available about errors during data delivery.

Syntax

openid.on('Error', listener: (e: {readonly errorCode: number, readonly description: string}) => void )

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class .

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

OpenID.Header Event

Fired every time a header line comes in.

Syntax

openid.on('Header', listener: (e: {readonly field: string, readonly value: string}) => void )

Remarks

The Field parameter contains the name of the HTTP header (which is the same as it is delivered). The Value parameter contains the header contents.

If the header line being retrieved is a continuation header line, then the Field parameter contains "" (empty string).

OpenID.LaunchBrowser Event

Fires before launching a browser with the authorization URL.

Syntax

openid.on('LaunchBrowser', listener: (e: {URL: string, command: string}) => void )

Remarks

When the ClientProfile property is set to ocpApplication and GetAuthorization is called, the class will fire this event with the Command, which will be executed by the class. The URL parameter will be the authorization URL that the user will be directed to authenticate.

Within this event, you may override the current value of either Command or URL and provide your own value. If Command is set to an empty string, the class will not attempt to launch the browser and instead you will be responsible for directing the user to the authorization URL specified by the URL parameter.

In Windows, ShellExecute is used to execute Command, which limits the verbs available for use in Command to:

• edit
• explore
• find
• open
• print

OpenID.Log Event

Fired once for each log message.

Syntax

openid.on('Log', listener: (e: {readonly logLevel: number, readonly message: string, readonly logType: string}) => void )

Remarks

This event is fired once for each log message generated by the class. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"

OpenID.Redirect Event

Fired when a redirection is received from the server.

Syntax

openid.on('Redirect', listener: (e: {readonly location: string, accept: boolean}) => void )

Remarks

This event is fired in cases in which the client can decide whether or not to continue with the redirection process. The Accept parameter is always True by default, but if you do not want to follow the redirection, Accept may be set to False, in which case the class . Location is the location to which the client is being redirected. Further control over redirection is provided in the FollowRedirects property.

OpenID.ReturnURL Event

Fired when the user is redirected to the embedded web server.

Syntax

openid.on('ReturnURL', listener: (e: {readonly URLPath: string, readonly queryString: string, readonly state: string, responseHeaders: string, responseBody: string}) => void )

Remarks

When ClientProfile is set to ocpApplication and the embedded web server is used (default), this event will fire when the user is redirected from authorization server back to the local embedded web server. The event provides an opportunity to set the ResponseHeaders and ResponseBody and provide a custom response that the user will see in their browser.

URLPath and QueryString are informational parameters that show the values sent by the authorization server.

State holds the value of the state parameter that was originally sent with the authorization request. This may be used to maintain state between the request and response. See State for more details.

OpenID.SetCookie Event

Fired for every cookie set by the server.

Syntax

openid.on('SetCookie', listener: (e: {readonly name: string, readonly value: string, readonly expires: string, readonly domain: string, readonly path: string, readonly secure: boolean}) => void )

Remarks

This event is fired for every Set-Cookie: header received from the HTTP server.

The Name parameter contains the name of the cookie, with the corresponding value supplied in the Value parameter.

The Expires parameter contains an expiration time for the cookie (if provided by the server). The time format used is "Weekday, DD-Mon-YY HH:MM:SS GMT". If the server does not provide an expiration time, the Expires parameter will be an empty string. In this case, the convention is to drop the cookie at the end of the session.

The Domain parameter contains a domain name to limit the cookie to (if provided by the server). If the server does not provide a domain name, the Domain parameter will be an empty string. The convention in this case is to use the server specified in the URL (URLServer) as the cookie domain.

The Path parameter contains a path name to limit the cookie to (if provided by the server). If the server does not provide a cookie path, the Path parameter will be an empty string. The convention in this case is to use the path specified in the URL (URLPath) as the cookie path.

The Secure parameter specifies whether the cookie is secure. If the value of this parameter is True, the cookie value must be submitted only through a secure (HTTPS) connection.

OpenID.SSLServerAuthentication Event

Fired after the server presents its certificate to the client.

Syntax

openid.on('SSLServerAuthentication', listener: (e: {readonly certEncoded: string, readonly certEncodedB: Uint8Array, readonly certSubject: string, readonly certIssuer: string, readonly status: string, accept: boolean}) => void )

Remarks

This event fires with information about the server certificate. The Status property shows why verification failed (otherwise, Status contains the string OK). To manually accept an untrusted certificate, the SSLAcceptAnyServerCert setting must be set to True before initiating the connection.

OpenID.SSLStatus Event

Fired when secure connection progress messages are available.

Syntax

openid.on('SSLStatus', listener: (e: {readonly message: string}) => void )

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

OpenID.StartTransfer Event

Fired when a document starts transferring (after the headers).

Syntax

openid.on('StartTransfer', listener: (e: {readonly direction: number}) => void )

Remarks

This event is fired first when the client starts sending data to the server (in a POST or PUT request) and then when the document text starts transferring from the server to the local host.

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

OpenID.Status Event

Fired when the HTTP status line is received from the server.

Syntax

openid.on('Status', listener: (e: {readonly HTTPVersion: string, readonly statusCode: number, readonly description: string}) => void )

Remarks

HTTPVersion is a string containing the HTTP version string as returned from the server (e.g., "1.1").

StatusCode contains the HTTP status code (e.g., 200), and Description the associated message returned by the server (e.g., "OK").

OpenID.Transfer Event

Fired while a document transfers (delivers document).

Syntax

openid.on('Transfer', listener: (e: {readonly direction: number, readonly bytesTransferred: number, readonly percentDone: number, readonly text: string, readonly textB: Uint8Array}) => void )

Remarks

The Text parameter contains the portion of the document text being received. It is empty if data are being posted to the server.

The BytesTransferred parameter contains the number of bytes transferred in this Direction since the beginning of the document text (excluding HTTP response headers).

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

The PercentDone parameter shows the progress of the transfer in the corresponding direction. If PercentDone can not be calculated the value will be -1.

Note: Events are not re-entrant. Performing time-consuming operations within this event will prevent it from firing again in a timely manner and may affect overall performance.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

Constructors

public Certificate();

public Certificate(String certificateFile);

public Certificate(byte[] encoded);

public Certificate(int storeType, String store, String storePassword, String subject);

public Certificate(int storeType, String store, String storePassword, String subject, String configurationString);

public Certificate(int storeType, String store, String storePassword, byte[] encoded);

public Certificate(int storeType, byte[] store, String storePassword, String subject);

public Certificate(int storeType, byte[] store, String storePassword, String subject, String configurationString);

public Certificate(int storeType, byte[] store, String storePassword, byte[] encoded);

DiscoveryDocDetails Type

Details about the OpenID provider's discovery document.

Remarks

The fields of this type correspond to metadata details from an OpenID provider's discovery document.

Fields

Constructors

public DiscoveryDocDetails();

Firewall Type

The firewall the class will connect through.

Remarks

When connecting through a firewall, this type is used to specify different properties of the firewall, such as the firewall and the .

Fields

Constructors

public Firewall();

HTTPCookie Type

An HTTP cookie can be either sent to or received from the server.

Remarks

An HTTP cookie can store the cookies that are to be sent to the server. It also may store the cookies sent by the server.

Cookies that are to be sent to the server must have the and fields supplied before submitting the URL. When the SetCookie event is fired, however, all of the fields of an HTTPCookie are filled out accordingly.

Fields

Constructors

public HTTPCookie();

public HTTPCookie(String name, String value);

IdTokenInfo Type

This type holds details about an ID Token.

Remarks

The fields of this type correspond to claims from the ID Token.

Fields

Constructors

public IdTokenInfo();

OAuthParam Type

This is the parameter to be used in the request or received in the response.

Remarks

This type describes a parameter that is used in a request or received in the response.

Fields

Constructors

public OAuthParam();

public OAuthParam(String name, String value);

Proxy Type

The proxy the class will connect to.

Remarks

When connecting through a proxy, this type is used to specify different properties of the proxy, such as the and the .

Fields

Constructors

public Proxy();

public Proxy(String server, int port);

public Proxy(String server, int port, String user, String password);

UserDetails Type

This type holds details about the user.

Remarks

The fields of this type correspond to claims about the user.

Fields

Constructors

public UserDetails();

Config Settings (class ipworksauth.openid)

OpenID Config Settings

<firstlevel>
  <one>value</one>
  <two>
    <item>first</item>
    <item>second</item>
  </two>
  <three>value three</three>
</firstlevel>

{
  "firstlevel": {
    "one": "value",
    "two": ["first", "second"],
    "three": "value three"
  }
}

OAuth Config Settings

HTTP Config Settings

TCPClient Config Settings

Socket Config Settings

Base Config Settings

Trappable Errors (class ipworksauth.openid)

OpenID Errors

HTTP Errors

TCPClient Errors

TCP/IP Errors