SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly.
Draft as of 2024-12-09
{
"resourceType" : "CodeSystem",
"id" : "smart-auth-information-CodeSystem",
"url" : "http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem",
"version" : "0.1.0",
"name" : "SmartAuthInformationCodeSystem",
"title" : "Codes for SMART authorization",
"status" : "draft",
"date" : "2024-12-09T20:45:55+00:00",
"publisher" : "HL7",
"contact" : [
{
"name" : "HL7",
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/fhiri"
}
]
},
{
"name" : "HL7 International / FHIR infrastructure",
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/fiwg/index.cfm"
}
]
},
{
"name" : "Bas van den Heuvel",
"telecom" : [
{
"system" : "email",
"value" : "bas.van.den.heuvel@philips.com",
"use" : "work"
}
]
}
],
"description" : "-",
"content" : "complete",
"count" : 38,
"concept" : [
{
"code" : "endpoint-capabilities",
"display" : "Endpoint Capabilities",
"concept" : [
{
"code" : "smart-app-state",
"display" : "Endpoint storing smart app state resources"
}
]
},
{
"code" : "capability",
"display" : "Capabilities of the server",
"concept" : [
{
"code" : "launch-ehr",
"display" : "support for SMART’s EHR Launch mode"
},
{
"code" : "launch-standalone",
"display" : "support for SMART’s Standalone Launch mode"
},
{
"code" : "authorize-post",
"display" : "support for POST-based authorization"
},
{
"code" : "client-public",
"display" : "support for SMART’s public client profile (no client authentication)"
},
{
"code" : "client-confidential-symmetric",
"display" : "support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric."
},
{
"code" : "client-confidential-asymmetric",
"display" : "support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric."
},
{
"code" : "sso-openid-connect",
"display" : "support for SMART’s OpenID Connect profile"
},
{
"code" : "context-banner",
"display" : "support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)"
},
{
"code" : "context-style",
"display" : "support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. Launch Context for EHR Launch"
},
{
"code" : "context-ehr-patient",
"display" : "support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"
},
{
"code" : "context-ehr-encounter",
"display" : "support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch"
},
{
"code" : "context-standalone-patient",
"display" : "support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"
},
{
"code" : "context-standalone-encounter",
"display" : "support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions"
},
{
"code" : "permission-offline",
"display" : "support for “offline” refresh tokens (requested by offline_access scope)"
},
{
"code" : "permission-online",
"display" : "support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context)."
},
{
"code" : "permission-patient",
"display" : "support for patient-level scopes (e.g., patient/Observation.rs)"
},
{
"code" : "permission-user",
"display" : "support for user-level scopes (e.g., user/Appointment.rs)"
},
{
"code" : "permission-v1",
"display" : "support for SMARTv1 scope syntax (e.g., patient/Observation.read)"
},
{
"code" : "permission-v2",
"display" : "support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)"
},
{
"code" : "launch-token",
"display" : "support for issuing launch tokens."
},
{
"code" : "token-exchange-openid",
"display" : "support for token exchange using an open id token"
},
{
"code" : "token-exchange-accesstoken",
"display" : "support for token exchange using an access token"
},
{
"code" : "token-exchange-launchtoken",
"display" : "support for token exchange using a launch token"
}
]
},
{
"code" : "grant-type",
"display" : "Lists the grant-types supported",
"concept" : [
{
"code" : "authorization_code",
"display" : "when SMART App Launch is supported"
},
{
"code" : "client_credentials",
"display" : "Indicates support for SMART Backend Services."
},
{
"code" : "urn:ietf:params:oauth:grant-type:token-exchange",
"display" : "Indicates support for token-exchange according to RFC8693"
}
]
},
{
"code" : "token_endpoint_auth_methods",
"display" : "Supported token endpoints",
"concept" : [
{
"code" : "client_secret_post"
},
{
"code" : "client_secret_basic"
},
{
"code" : "private_key_jwt"
}
]
},
{
"code" : "smart_associated_endpoints",
"display" : "Smart associated_endpoints capabilities",
"concept" : [
{
"code" : "token-reuse",
"display" : "Authorization credentials can be retrieved by retrieving an access token for multiple audiences."
},
{
"code" : "token-exchange",
"display" : "Authorization credentials can be retrieved using token exchange."
},
{
"code" : "smart-open-id-connect",
"display" : "Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions."
}
]
}
]
}