0.1.0 - ci-build

SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly. See the Directory of published versions

Codes for SMART authorization - JSON Representation

Draft as of 2024-12-09


{
  "resourceType" : "CodeSystem",
  "id" : "smart-auth-information-CodeSystem",
  "text" : {
    "status" : "generated",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: CodeSystem smart-auth-information-CodeSystem</b></p><a name=\"smart-auth-information-CodeSystem\"> </a><a name=\"hcsmart-auth-information-CodeSystem\"> </a><a name=\"smart-auth-information-CodeSystem-en-US\"> </a><p>This  code system <code>http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem</code> defines the following codes in an undefined hierarchy:</p><table class=\"codes\"><tr><td><b>Lvl</b></td><td style=\"white-space:nowrap\"><b>Code</b></td><td><b>Display</b></td></tr><tr><td>1</td><td style=\"white-space:nowrap\">endpoint-capabilities<a name=\"smart-auth-information-CodeSystem-endpoint-capabilities\"> </a></td><td>Endpoint Capabilities</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0smart-app-state<a name=\"smart-auth-information-CodeSystem-smart-app-state\"> </a></td><td>Endpoint storing smart app state resources</td></tr><tr><td>1</td><td style=\"white-space:nowrap\">capability<a name=\"smart-auth-information-CodeSystem-capability\"> </a></td><td>Capabilities of the server</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0launch-ehr<a name=\"smart-auth-information-CodeSystem-launch-ehr\"> </a></td><td>support for SMART’s EHR Launch mode</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0launch-standalone<a name=\"smart-auth-information-CodeSystem-launch-standalone\"> </a></td><td>support for SMART’s Standalone Launch mode</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0authorize-post<a name=\"smart-auth-information-CodeSystem-authorize-post\"> </a></td><td>support for POST-based authorization</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0client-public<a name=\"smart-auth-information-CodeSystem-client-public\"> </a></td><td>support for SMART’s public client profile (no client 
authentication)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0client-confidential-symmetric<a name=\"smart-auth-information-CodeSystem-client-confidential-symmetric\"> </a></td><td>support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0client-confidential-asymmetric<a name=\"smart-auth-information-CodeSystem-client-confidential-asymmetric\"> </a></td><td>support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0sso-openid-connect<a name=\"smart-auth-information-CodeSystem-sso-openid-connect\"> </a></td><td>support for SMART’s OpenID Connect profile</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0context-banner<a name=\"smart-auth-information-CodeSystem-context-banner\"> </a></td><td>support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0context-style<a name=\"smart-auth-information-CodeSystem-context-style\"> </a></td><td>support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. 
Launch Context for EHR Launch</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0context-ehr-patient<a name=\"smart-auth-information-CodeSystem-context-ehr-patient\"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0context-ehr-encounter<a name=\"smart-auth-information-CodeSystem-context-ehr-encounter\"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0context-standalone-patient<a name=\"smart-auth-information-CodeSystem-context-standalone-patient\"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0context-standalone-encounter<a name=\"smart-auth-information-CodeSystem-context-standalone-encounter\"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0permission-offline<a name=\"smart-auth-information-CodeSystem-permission-offline\"> </a></td><td>support for “offline” refresh tokens (requested by offline_access scope)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0permission-online<a name=\"smart-auth-information-CodeSystem-permission-online\"> </a></td><td>support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). 
This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context).</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0permission-patient<a name=\"smart-auth-information-CodeSystem-permission-patient\"> </a></td><td>support for patient-level scopes (e.g., patient/Observation.rs)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0permission-user<a name=\"smart-auth-information-CodeSystem-permission-user\"> </a></td><td>support for user-level scopes (e.g., user/Appointment.rs)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0permission-v1<a name=\"smart-auth-information-CodeSystem-permission-v1\"> </a></td><td>support for SMARTv1 scope syntax (e.g., patient/Observation.read)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0permission-v2<a name=\"smart-auth-information-CodeSystem-permission-v2\"> </a></td><td>support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0launch-token<a name=\"smart-auth-information-CodeSystem-launch-token\"> </a></td><td>support for issuing launch tokens.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0token-exchange-openid<a name=\"smart-auth-information-CodeSystem-token-exchange-openid\"> </a></td><td>support for token exchange using an open id token</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0token-exchange-accesstoken<a name=\"smart-auth-information-CodeSystem-token-exchange-accesstoken\"> </a></td><td>support for token exchange using an access token</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0token-exchange-launchtoken<a name=\"smart-auth-information-CodeSystem-token-exchange-launchtoken\"> 
</a></td><td>support for token exchange using a launch token</td></tr><tr><td>1</td><td style=\"white-space:nowrap\">grant-type<a name=\"smart-auth-information-CodeSystem-grant-type\"> </a></td><td>Lists the grant-types supported</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0authorization_code<a name=\"smart-auth-information-CodeSystem-authorization_code\"> </a></td><td>when SMART App Launch is supported</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0client_credentials<a name=\"smart-auth-information-CodeSystem-client_credentials\"> </a></td><td>Indicates upport for SMART Backend Services.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0urn:ietf:params:oauth:grant-type:token-exchange<a name=\"smart-auth-information-CodeSystem-urn.58ietf.58params.58oauth.58grant-type.58token-exchange\"> </a></td><td>Indicates support for token-exchange according to RFC8693</td></tr><tr><td>1</td><td style=\"white-space:nowrap\">token_endpoint_auth_methods<a name=\"smart-auth-information-CodeSystem-token_endpoint_auth_methods\"> </a></td><td>Supported token endpoints</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0client_secret_post<a name=\"smart-auth-information-CodeSystem-client_secret_post\"> </a></td><td/></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0client_secret_basic<a name=\"smart-auth-information-CodeSystem-client_secret_basic\"> </a></td><td/></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0private_key_jwt<a name=\"smart-auth-information-CodeSystem-private_key_jwt\"> </a></td><td/></tr><tr><td>1</td><td style=\"white-space:nowrap\">smart_associated_endpoints<a name=\"smart-auth-information-CodeSystem-smart_associated_endpoints\"> </a></td><td>Smart associated_endpoints capabilities</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0token-reuse<a name=\"smart-auth-information-CodeSystem-token-reuse\"> </a></td><td>Authorization credentials can 
be retrieved by retrieving a access token for multiple audiences.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0token-exchange<a name=\"smart-auth-information-CodeSystem-token-exchange\"> </a></td><td>Authorization credentials can be retrieved using token exchange.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\">\u00a0\u00a0smart-open-id-connect<a name=\"smart-auth-information-CodeSystem-smart-open-id-connect\"> </a></td><td>Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions.</td></tr></table></div>"
  },
  "url" : "http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem",
  "version" : "0.1.0",
  "name" : "SmartAuthInformationCodeSystem",
  "title" : "Codes for SMART authorization",
  "status" : "draft",
  "date" : "2024-12-09T20:45:55+00:00",
  "publisher" : "HL7",
  "contact" : [
    {
      "name" : "HL7",
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/fhiri"
        }
      ]
    },
    {
      "name" : "HL7 International / FHIR infrastructure",
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/fiwg/index.cfm"
        }
      ]
    },
    {
      "name" : "Bas van den Heuvel",
      "telecom" : [
        {
          "system" : "email",
          "value" : "bas.van.den.heuvel@philips.com",
          "use" : "work"
        }
      ]
    }
  ],
  "description" : "-",
  "content" : "complete",
  "count" : 38,
  "concept" : [
    {
      "code" : "endpoint-capabilities",
      "display" : "Endpoint Capabilities",
      "concept" : [
        {
          "code" : "smart-app-state",
          "display" : "Endpoint storing smart app state resources"
        }
      ]
    },
    {
      "code" : "capability",
      "display" : "Capabilities of the server",
      "concept" : [
        {
          "code" : "launch-ehr",
          "display" : "support for SMART’s EHR Launch mode"
        },
        {
          "code" : "launch-standalone",
          "display" : "support for SMART’s Standalone Launch mode"
        },
        {
          "code" : "authorize-post",
          "display" : "support for POST-based authorization"
        },
        {
          "code" : "client-public",
          "display" : "support for SMART’s public client profile (no client authentication)"
        },
        {
          "code" : "client-confidential-symmetric",
          "display" : "support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric."
        },
        {
          "code" : "client-confidential-asymmetric",
          "display" : "support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric."
        },
        {
          "code" : "sso-openid-connect",
          "display" : "support for SMART’s OpenID Connect profile"
        },
        {
          "code" : "context-banner",
          "display" : "support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)"
        },
        {
          "code" : "context-style",
          "display" : "support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. Launch Context for EHR Launch"
        },
        {
          "code" : "context-ehr-patient",
          "display" : "support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"
        },
        {
          "code" : "context-ehr-encounter",
          "display" : "support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch"
        },
        {
          "code" : "context-standalone-patient",
          "display" : "support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"
        },
        {
          "code" : "context-standalone-encounter",
          "display" : "support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions"
        },
        {
          "code" : "permission-offline",
          "display" : "support for “offline” refresh tokens (requested by offline_access scope)"
        },
        {
          "code" : "permission-online",
          "display" : "support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context)."
        },
        {
          "code" : "permission-patient",
          "display" : "support for patient-level scopes (e.g., patient/Observation.rs)"
        },
        {
          "code" : "permission-user",
          "display" : "support for user-level scopes (e.g., user/Appointment.rs)"
        },
        {
          "code" : "permission-v1",
          "display" : "support for SMARTv1 scope syntax (e.g., patient/Observation.read)"
        },
        {
          "code" : "permission-v2",
          "display" : "support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)"
        },
        {
          "code" : "launch-token",
          "display" : "support for issuing launch tokens."
        },
        {
          "code" : "token-exchange-openid",
          "display" : "support for token exchange using an open id token"
        },
        {
          "code" : "token-exchange-accesstoken",
          "display" : "support for token exchange using an access token"
        },
        {
          "code" : "token-exchange-launchtoken",
          "display" : "support for token exchange using a launch token"
        }
      ]
    },
    {
      "code" : "grant-type",
      "display" : "Lists the grant-types supported",
      "concept" : [
        {
          "code" : "authorization_code",
          "display" : "when SMART App Launch is supported"
        },
        {
          "code" : "client_credentials",
          "display" : "Indicates upport for SMART Backend Services."
        },
        {
          "code" : "urn:ietf:params:oauth:grant-type:token-exchange",
          "display" : "Indicates support for token-exchange according to RFC8693"
        }
      ]
    },
    {
      "code" : "token_endpoint_auth_methods",
      "display" : "Supported token endpoints",
      "concept" : [
        {
          "code" : "client_secret_post"
        },
        {
          "code" : "client_secret_basic"
        },
        {
          "code" : "private_key_jwt"
        }
      ]
    },
    {
      "code" : "smart_associated_endpoints",
      "display" : "Smart associated_endpoints capabilities",
      "concept" : [
        {
          "code" : "token-reuse",
          "display" : "Authorization credentials can be retrieved by retrieving a access token for multiple audiences."
        },
        {
          "code" : "token-exchange",
          "display" : "Authorization credentials can be retrieved using token exchange."
        },
        {
          "code" : "smart-open-id-connect",
          "display" : "Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions."
        }
      ]
    }
  ]
}