SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly. See the Directory of published versions
Draft as of 2024-12-09
@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
# - resource -------------------------------------------------------------------
a fhir:CodeSystem ;
fhir:nodeRole fhir:treeRoot ;
fhir:id [ fhir:v "smart-auth-information-CodeSystem"] ; #
fhir:text [
fhir:status [ fhir:v "generated" ] ;
fhir:div "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: CodeSystem smart-auth-information-CodeSystem</b></p><a name=\"smart-auth-information-CodeSystem\"> </a><a name=\"hcsmart-auth-information-CodeSystem\"> </a><a name=\"smart-auth-information-CodeSystem-en-US\"> </a><p>This code system <code>http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem</code> defines the following codes in an undefined hierarchy:</p><table class=\"codes\"><tr><td><b>Lvl</b></td><td style=\"white-space:nowrap\"><b>Code</b></td><td><b>Display</b></td></tr><tr><td>1</td><td style=\"white-space:nowrap\">endpoint-capabilities<a name=\"smart-auth-information-CodeSystem-endpoint-capabilities\"> </a></td><td>Endpoint Capabilities</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> smart-app-state<a name=\"smart-auth-information-CodeSystem-smart-app-state\"> </a></td><td>Endpoint storing smart app state resources</td></tr><tr><td>1</td><td style=\"white-space:nowrap\">capability<a name=\"smart-auth-information-CodeSystem-capability\"> </a></td><td>Capabilities of the server</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> launch-ehr<a name=\"smart-auth-information-CodeSystem-launch-ehr\"> </a></td><td>support for SMART’s EHR Launch mode</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> launch-standalone<a name=\"smart-auth-information-CodeSystem-launch-standalone\"> </a></td><td>support for SMART’s Standalone Launch mode</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> authorize-post<a name=\"smart-auth-information-CodeSystem-authorize-post\"> </a></td><td>support for POST-based authorization</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> client-public<a name=\"smart-auth-information-CodeSystem-client-public\"> </a></td><td>support for SMART’s public client profile (no client authentication)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> 
client-confidential-symmetric<a name=\"smart-auth-information-CodeSystem-client-confidential-symmetric\"> </a></td><td>support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> client-confidential-asymmetric<a name=\"smart-auth-information-CodeSystem-client-confidential-asymmetric\"> </a></td><td>support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> sso-openid-connect<a name=\"smart-auth-information-CodeSystem-sso-openid-connect\"> </a></td><td>support for SMART’s OpenID Connect profile</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> context-banner<a name=\"smart-auth-information-CodeSystem-context-banner\"> </a></td><td>support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> context-style<a name=\"smart-auth-information-CodeSystem-context-style\"> </a></td><td>support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. 
Launch Context for EHR Launch</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> context-ehr-patient<a name=\"smart-auth-information-CodeSystem-context-ehr-patient\"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> context-ehr-encounter<a name=\"smart-auth-information-CodeSystem-context-ehr-encounter\"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> context-standalone-patient<a name=\"smart-auth-information-CodeSystem-context-standalone-patient\"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> context-standalone-encounter<a name=\"smart-auth-information-CodeSystem-context-standalone-encounter\"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> permission-offline<a name=\"smart-auth-information-CodeSystem-permission-offline\"> </a></td><td>support for “offline” refresh tokens (requested by offline_access scope)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> permission-online<a name=\"smart-auth-information-CodeSystem-permission-online\"> </a></td><td>support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). 
This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context).</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> permission-patient<a name=\"smart-auth-information-CodeSystem-permission-patient\"> </a></td><td>support for patient-level scopes (e.g., patient/Observation.rs)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> permission-user<a name=\"smart-auth-information-CodeSystem-permission-user\"> </a></td><td>support for user-level scopes (e.g., user/Appointment.rs)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> permission-v1<a name=\"smart-auth-information-CodeSystem-permission-v1\"> </a></td><td>support for SMARTv1 scope syntax (e.g., patient/Observation.read)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> permission-v2<a name=\"smart-auth-information-CodeSystem-permission-v2\"> </a></td><td>support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> launch-token<a name=\"smart-auth-information-CodeSystem-launch-token\"> </a></td><td>support for issuing launch tokens.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> token-exchange-openid<a name=\"smart-auth-information-CodeSystem-token-exchange-openid\"> </a></td><td>support for token exchange using an open id token</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> token-exchange-accesstoken<a name=\"smart-auth-information-CodeSystem-token-exchange-accesstoken\"> </a></td><td>support for token exchange using an access token</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> token-exchange-launchtoken<a name=\"smart-auth-information-CodeSystem-token-exchange-launchtoken\"> </a></td><td>support for token exchange using a launch token</td></tr><tr><td>1</td><td 
style=\"white-space:nowrap\">grant-type<a name=\"smart-auth-information-CodeSystem-grant-type\"> </a></td><td>Lists the grant-types supported</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> authorization_code<a name=\"smart-auth-information-CodeSystem-authorization_code\"> </a></td><td>when SMART App Launch is supported</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> client_credentials<a name=\"smart-auth-information-CodeSystem-client_credentials\"> </a></td><td>Indicates upport for SMART Backend Services.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> urn:ietf:params:oauth:grant-type:token-exchange<a name=\"smart-auth-information-CodeSystem-urn.58ietf.58params.58oauth.58grant-type.58token-exchange\"> </a></td><td>Indicates support for token-exchange according to RFC8693</td></tr><tr><td>1</td><td style=\"white-space:nowrap\">token_endpoint_auth_methods<a name=\"smart-auth-information-CodeSystem-token_endpoint_auth_methods\"> </a></td><td>Supported token endpoints</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> client_secret_post<a name=\"smart-auth-information-CodeSystem-client_secret_post\"> </a></td><td/></tr><tr><td>2</td><td style=\"white-space:nowrap\"> client_secret_basic<a name=\"smart-auth-information-CodeSystem-client_secret_basic\"> </a></td><td/></tr><tr><td>2</td><td style=\"white-space:nowrap\"> private_key_jwt<a name=\"smart-auth-information-CodeSystem-private_key_jwt\"> </a></td><td/></tr><tr><td>1</td><td style=\"white-space:nowrap\">smart_associated_endpoints<a name=\"smart-auth-information-CodeSystem-smart_associated_endpoints\"> </a></td><td>Smart associated_endpoints capabilities</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> token-reuse<a name=\"smart-auth-information-CodeSystem-token-reuse\"> </a></td><td>Authorization credentials can be retrieved by retrieving a access token for multiple audiences.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> token-exchange<a 
name=\"smart-auth-information-CodeSystem-token-exchange\"> </a></td><td>Authorization credentials can be retrieved using token exchange.</td></tr><tr><td>2</td><td style=\"white-space:nowrap\"> smart-open-id-connect<a name=\"smart-auth-information-CodeSystem-smart-open-id-connect\"> </a></td><td>Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions.</td></tr></table></div>"
] ; #
fhir:url [ fhir:v "http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem"^^xsd:anyURI] ; #
fhir:version [ fhir:v "0.1.0"] ; #
fhir:name [ fhir:v "SmartAuthInformationCodeSystem"] ; #
fhir:title [ fhir:v "Codes for SMART authorization"] ; #
fhir:status [ fhir:v "draft"] ; #
fhir:date [ fhir:v "2024-12-09T20:45:55+00:00"^^xsd:dateTime] ; #
fhir:publisher [ fhir:v "HL7"] ; #
fhir:contact ( [
fhir:name [ fhir:v "HL7" ] ;
( fhir:telecom [
fhir:system [ fhir:v "url" ] ;
fhir:value [ fhir:v "http://www.hl7.org/Special/committees/fhiri" ] ] )
] [
fhir:name [ fhir:v "HL7 International / FHIR infrastructure" ] ;
( fhir:telecom [
fhir:system [ fhir:v "url" ] ;
fhir:value [ fhir:v "http://www.hl7.org/Special/committees/fiwg/index.cfm" ] ] )
] [
fhir:name [ fhir:v "Bas van den Heuvel" ] ;
( fhir:telecom [
fhir:system [ fhir:v "email" ] ;
fhir:value [ fhir:v "bas.van.den.heuvel@philips.com" ] ;
fhir:use [ fhir:v "work" ] ] )
] ) ; #
fhir:description [ fhir:v "-"] ; #
fhir:content [ fhir:v "complete"] ; #
fhir:count [ fhir:v "38"^^xsd:nonNegativeInteger] ; #
fhir:concept ( [
fhir:code [ fhir:v "endpoint-capabilities" ] ;
fhir:display [ fhir:v "Endpoint Capabilities" ] ;
( fhir:concept [
fhir:code [ fhir:v "smart-app-state" ] ;
fhir:display [ fhir:v "Endpoint storing smart app state resources" ] ] )
] [
fhir:code [ fhir:v "capability" ] ;
fhir:display [ fhir:v "Capabilities of the server" ] ;
( fhir:concept [
fhir:code [ fhir:v "launch-ehr" ] ;
fhir:display [ fhir:v "support for SMART’s EHR Launch mode" ] ] [
fhir:code [ fhir:v "launch-standalone" ] ;
fhir:display [ fhir:v "support for SMART’s Standalone Launch mode" ] ] [
fhir:code [ fhir:v "authorize-post" ] ;
fhir:display [ fhir:v "support for POST-based authorization" ] ] [
fhir:code [ fhir:v "client-public" ] ;
fhir:display [ fhir:v "support for SMART’s public client profile (no client authentication)" ] ] [
fhir:code [ fhir:v "client-confidential-symmetric" ] ;
fhir:display [ fhir:v "support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric." ] ] [
fhir:code [ fhir:v "client-confidential-asymmetric" ] ;
fhir:display [ fhir:v "support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric." ] ] [
fhir:code [ fhir:v "sso-openid-connect" ] ;
fhir:display [ fhir:v "support for SMART’s OpenID Connect profile" ] ] [
fhir:code [ fhir:v "context-banner" ] ;
fhir:display [ fhir:v "support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)" ] ] [
fhir:code [ fhir:v "context-style" ] ;
fhir:display [ fhir:v "support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. Launch Context for EHR Launch" ] ] [
fhir:code [ fhir:v "context-ehr-patient" ] ;
fhir:display [ fhir:v "support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)" ] ] [
fhir:code [ fhir:v "context-ehr-encounter" ] ;
fhir:display [ fhir:v "support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch" ] ] [
fhir:code [ fhir:v "context-standalone-patient" ] ;
fhir:display [ fhir:v "support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)" ] ] [
fhir:code [ fhir:v "context-standalone-encounter" ] ;
fhir:display [ fhir:v "support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions" ] ] [
fhir:code [ fhir:v "permission-offline" ] ;
fhir:display [ fhir:v "support for “offline” refresh tokens (requested by offline_access scope)" ] ] [
fhir:code [ fhir:v "permission-online" ] ;
fhir:display [ fhir:v "support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context)." ] ] [
fhir:code [ fhir:v "permission-patient" ] ;
fhir:display [ fhir:v "support for patient-level scopes (e.g., patient/Observation.rs)" ] ] [
fhir:code [ fhir:v "permission-user" ] ;
fhir:display [ fhir:v "support for user-level scopes (e.g., user/Appointment.rs)" ] ] [
fhir:code [ fhir:v "permission-v1" ] ;
fhir:display [ fhir:v "support for SMARTv1 scope syntax (e.g., patient/Observation.read)" ] ] [
fhir:code [ fhir:v "permission-v2" ] ;
fhir:display [ fhir:v "support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)" ] ] [
fhir:code [ fhir:v "launch-token" ] ;
fhir:display [ fhir:v "support for issuing launch tokens." ] ] [
fhir:code [ fhir:v "token-exchange-openid" ] ;
fhir:display [ fhir:v "support for token exchange using an open id token" ] ] [
fhir:code [ fhir:v "token-exchange-accesstoken" ] ;
fhir:display [ fhir:v "support for token exchange using an access token" ] ] [
fhir:code [ fhir:v "token-exchange-launchtoken" ] ;
fhir:display [ fhir:v "support for token exchange using a launch token" ] ] )
] [
fhir:code [ fhir:v "grant-type" ] ;
fhir:display [ fhir:v "Lists the grant-types supported" ] ;
( fhir:concept [
fhir:code [ fhir:v "authorization_code" ] ;
fhir:display [ fhir:v "when SMART App Launch is supported" ] ] [
fhir:code [ fhir:v "client_credentials" ] ;
fhir:display [ fhir:v "Indicates support for SMART Backend Services." ] ] [
fhir:code [ fhir:v "urn:ietf:params:oauth:grant-type:token-exchange" ] ;
fhir:display [ fhir:v "Indicates support for token-exchange according to RFC8693" ] ] )
] [
fhir:code [ fhir:v "token_endpoint_auth_methods" ] ;
fhir:display [ fhir:v "Supported token endpoints" ] ;
( fhir:concept [
fhir:code [ fhir:v "client_secret_post" ] ] [
fhir:code [ fhir:v "client_secret_basic" ] ] [
fhir:code [ fhir:v "private_key_jwt" ] ] )
] [
fhir:code [ fhir:v "smart_associated_endpoints" ] ;
fhir:display [ fhir:v "Smart associated_endpoints capabilities" ] ;
( fhir:concept [
fhir:code [ fhir:v "token-reuse" ] ;
fhir:display [ fhir:v "Authorization credentials can be retrieved by retrieving an access token for multiple audiences." ] ] [
fhir:code [ fhir:v "token-exchange" ] ;
fhir:display [ fhir:v "Authorization credentials can be retrieved using token exchange." ] ] [
fhir:code [ fhir:v "smart-open-id-connect" ] ;
fhir:display [ fhir:v "Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions." ] ] )
] ) . #
IG © 2024+ HL7. Package hl7.fhir.uv.smart-multi-server-auth#0.1.0 based on FHIR 4.0.1. Generated 2024-12-09