0.1.0 - ci-build

SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly. See the Directory of published versions

CodeSystem: Codes for SMART authorization

Official URL: http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem
Version: 0.1.0
Draft as of 2024-12-09
Computable Name: SmartAuthInformationCodeSystem

This Code system is referenced in the content logical definition of the following value sets:

Generated Narrative: CodeSystem smart-auth-information-CodeSystem

This code system http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem defines the following codes in an undefined hierarchy:

Lvl Code Display
1 endpoint-capabilities Endpoint Capabilities
2   smart-app-state Endpoint storing SMART app state resources
1 capability Capabilities of the server
2   launch-ehr support for SMART’s EHR Launch mode
2   launch-standalone support for SMART’s Standalone Launch mode
2   authorize-post support for POST-based authorization
2   client-public support for SMART’s public client profile (no client authentication)
2   client-confidential-symmetric support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric.
2   client-confidential-asymmetric support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric.
2   sso-openid-connect support for SMART’s OpenID Connect profile
2   context-banner support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)
2   context-style support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. Launch Context for EHR Launch
2   context-ehr-patient support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)
2   context-ehr-encounter support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch
2   context-standalone-patient support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)
2   context-standalone-encounter support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions
2   permission-offline support for “offline” refresh tokens (requested by offline_access scope)
2   permission-online support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context).
2   permission-patient support for patient-level scopes (e.g., patient/Observation.rs)
2   permission-user support for user-level scopes (e.g., user/Appointment.rs)
2   permission-v1 support for SMARTv1 scope syntax (e.g., patient/Observation.read)
2   permission-v2 support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)
2   launch-token support for issuing launch tokens.
2   token-exchange-openid support for token exchange using an OpenID token
2   token-exchange-accesstoken support for token exchange using an access token
2   token-exchange-launchtoken support for token exchange using a launch token
1 grant-type Lists the grant-types supported
2   authorization_code when SMART App Launch is supported
2   client_credentials Indicates support for SMART Backend Services.
2   urn:ietf:params:oauth:grant-type:token-exchange Indicates support for token-exchange according to RFC8693
1 token_endpoint_auth_methods Supported token endpoints
2   client_secret_post
2   client_secret_basic
2   private_key_jwt
1 smart_associated_endpoints SMART associated_endpoints capabilities
2   token-reuse Authorization credentials can be retrieved by retrieving an access token for multiple audiences.
2   token-exchange Authorization credentials can be retrieved using token exchange.
2   smart-open-id-connect Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions.