SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly. See the Directory of published versions
Draft as of 2024-12-09
<CodeSystem xmlns="http://hl7.org/fhir">
<id value="smart-auth-information-CodeSystem"/>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: CodeSystem smart-auth-information-CodeSystem</b></p><a name="smart-auth-information-CodeSystem"> </a><a name="hcsmart-auth-information-CodeSystem"> </a><a name="smart-auth-information-CodeSystem-en-US"> </a><p>This code system <code>http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem</code> defines the following codes in an undefined hierarchy:</p><table class="codes"><tr><td><b>Lvl</b></td><td style="white-space:nowrap"><b>Code</b></td><td><b>Display</b></td></tr><tr><td>1</td><td style="white-space:nowrap">endpoint-capabilities<a name="smart-auth-information-CodeSystem-endpoint-capabilities"> </a></td><td>Endpoint Capabilities</td></tr><tr><td>2</td><td style="white-space:nowrap"> smart-app-state<a name="smart-auth-information-CodeSystem-smart-app-state"> </a></td><td>Endpoint storing smart app state resources</td></tr><tr><td>1</td><td style="white-space:nowrap">capability<a name="smart-auth-information-CodeSystem-capability"> </a></td><td>Capabilities of the server</td></tr><tr><td>2</td><td style="white-space:nowrap"> launch-ehr<a name="smart-auth-information-CodeSystem-launch-ehr"> </a></td><td>support for SMART’s EHR Launch mode</td></tr><tr><td>2</td><td style="white-space:nowrap"> launch-standalone<a name="smart-auth-information-CodeSystem-launch-standalone"> </a></td><td>support for SMART’s Standalone Launch mode</td></tr><tr><td>2</td><td style="white-space:nowrap"> authorize-post<a name="smart-auth-information-CodeSystem-authorize-post"> </a></td><td>support for POST-based authorization</td></tr><tr><td>2</td><td style="white-space:nowrap"> client-public<a name="smart-auth-information-CodeSystem-client-public"> </a></td><td>support for SMART’s public client profile (no client authentication)</td></tr><tr><td>2</td><td style="white-space:nowrap"> client-confidential-symmetric<a 
name="smart-auth-information-CodeSystem-client-confidential-symmetric"> </a></td><td>support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric.</td></tr><tr><td>2</td><td style="white-space:nowrap"> client-confidential-asymmetric<a name="smart-auth-information-CodeSystem-client-confidential-asymmetric"> </a></td><td>support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric.</td></tr><tr><td>2</td><td style="white-space:nowrap"> sso-openid-connect<a name="smart-auth-information-CodeSystem-sso-openid-connect"> </a></td><td>support for SMART’s OpenID Connect profile</td></tr><tr><td>2</td><td style="white-space:nowrap"> context-banner<a name="smart-auth-information-CodeSystem-context-banner"> </a></td><td>support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap"> context-style<a name="smart-auth-information-CodeSystem-context-style"> </a></td><td>support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental.</td></tr>
<tr><td>2</td><td style="white-space:nowrap"> context-ehr-patient<a name="smart-auth-information-CodeSystem-context-ehr-patient"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap"> context-ehr-encounter<a name="smart-auth-information-CodeSystem-context-ehr-encounter"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap"> context-standalone-patient<a name="smart-auth-information-CodeSystem-context-standalone-patient"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap"> context-standalone-encounter<a name="smart-auth-information-CodeSystem-context-standalone-encounter"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap"> permission-offline<a name="smart-auth-information-CodeSystem-permission-offline"> </a></td><td>support for “offline” refresh tokens (requested by offline_access scope)</td></tr><tr><td>2</td><td style="white-space:nowrap"> permission-online<a name="smart-auth-information-CodeSystem-permission-online"> </a></td><td>support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). 
This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context).</td></tr><tr><td>2</td><td style="white-space:nowrap"> permission-patient<a name="smart-auth-information-CodeSystem-permission-patient"> </a></td><td>support for patient-level scopes (e.g., patient/Observation.rs)</td></tr><tr><td>2</td><td style="white-space:nowrap"> permission-user<a name="smart-auth-information-CodeSystem-permission-user"> </a></td><td>support for user-level scopes (e.g., user/Appointment.rs)</td></tr><tr><td>2</td><td style="white-space:nowrap"> permission-v1<a name="smart-auth-information-CodeSystem-permission-v1"> </a></td><td>support for SMARTv1 scope syntax (e.g., patient/Observation.read)</td></tr><tr><td>2</td><td style="white-space:nowrap"> permission-v2<a name="smart-auth-information-CodeSystem-permission-v2"> </a></td><td>support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs)</td></tr><tr><td>2</td><td style="white-space:nowrap"> launch-token<a name="smart-auth-information-CodeSystem-launch-token"> </a></td><td>support for issuing launch tokens.</td></tr><tr><td>2</td><td style="white-space:nowrap"> token-exchange-openid<a name="smart-auth-information-CodeSystem-token-exchange-openid"> </a></td><td>support for token exchange using an OpenID token</td></tr><tr><td>2</td><td style="white-space:nowrap"> token-exchange-accesstoken<a name="smart-auth-information-CodeSystem-token-exchange-accesstoken"> </a></td><td>support for token exchange using an access token</td></tr><tr><td>2</td><td style="white-space:nowrap"> token-exchange-launchtoken<a name="smart-auth-information-CodeSystem-token-exchange-launchtoken"> </a></td><td>support for token exchange using a launch token</td></tr><tr><td>1</td><td style="white-space:nowrap">grant-type<a 
name="smart-auth-information-CodeSystem-grant-type"> </a></td><td>Lists the grant-types supported</td></tr><tr><td>2</td><td style="white-space:nowrap"> authorization_code<a name="smart-auth-information-CodeSystem-authorization_code"> </a></td><td>when SMART App Launch is supported</td></tr><tr><td>2</td><td style="white-space:nowrap"> client_credentials<a name="smart-auth-information-CodeSystem-client_credentials"> </a></td><td>Indicates support for SMART Backend Services.</td></tr><tr><td>2</td><td style="white-space:nowrap"> urn:ietf:params:oauth:grant-type:token-exchange<a name="smart-auth-information-CodeSystem-urn.58ietf.58params.58oauth.58grant-type.58token-exchange"> </a></td><td>Indicates support for token-exchange according to RFC8693</td></tr><tr><td>1</td><td style="white-space:nowrap">token_endpoint_auth_methods<a name="smart-auth-information-CodeSystem-token_endpoint_auth_methods"> </a></td><td>Supported token endpoints</td></tr><tr><td>2</td><td style="white-space:nowrap"> client_secret_post<a name="smart-auth-information-CodeSystem-client_secret_post"> </a></td><td/></tr><tr><td>2</td><td style="white-space:nowrap"> client_secret_basic<a name="smart-auth-information-CodeSystem-client_secret_basic"> </a></td><td/></tr><tr><td>2</td><td style="white-space:nowrap"> private_key_jwt<a name="smart-auth-information-CodeSystem-private_key_jwt"> </a></td><td/></tr><tr><td>1</td><td style="white-space:nowrap">smart_associated_endpoints<a name="smart-auth-information-CodeSystem-smart_associated_endpoints"> </a></td><td>Smart associated_endpoints capabilities</td></tr><tr><td>2</td><td style="white-space:nowrap"> token-reuse<a name="smart-auth-information-CodeSystem-token-reuse"> </a></td><td>Authorization credentials can be retrieved by retrieving an access token for multiple audiences.</td></tr><tr><td>2</td><td style="white-space:nowrap"> token-exchange<a name="smart-auth-information-CodeSystem-token-exchange"> </a></td><td>Authorization credentials can be 
retrieved using token exchange.</td></tr><tr><td>2</td><td style="white-space:nowrap"> smart-open-id-connect<a name="smart-auth-information-CodeSystem-smart-open-id-connect"> </a></td><td>Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions.</td></tr></table></div>
</text>
<url
value="http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem"/>
<version value="0.1.0"/>
<name value="SmartAuthInformationCodeSystem"/>
<title value="Codes for SMART authorization"/>
<status value="draft"/>
<date value="2024-12-09T20:45:55+00:00"/>
<publisher value="HL7"/>
<contact>
<name value="HL7"/>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/fhiri"/>
</telecom>
</contact>
<contact>
<name value="HL7 International / FHIR infrastructure"/>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/fiwg/index.cfm"/>
</telecom>
</contact>
<contact>
<name value="Bas van den Heuvel"/>
<telecom>
<system value="email"/>
<value value="bas.van.den.heuvel@philips.com"/>
<use value="work"/>
</telecom>
</contact>
<description value="-"/>
<content value="complete"/>
<count value="38"/>
<concept>
<code value="endpoint-capabilities"/>
<display value="Endpoint Capabilities"/>
<concept>
<code value="smart-app-state"/>
<display value="Endpoint storing smart app state resources"/>
</concept>
</concept>
<concept>
<code value="capability"/>
<display value="Capabilities of the server"/>
<concept>
<code value="launch-ehr"/>
<display value="support for SMART’s EHR Launch mode"/>
</concept>
<concept>
<code value="launch-standalone"/>
<display value="support for SMART’s Standalone Launch mode"/>
</concept>
<concept>
<code value="authorize-post"/>
<display value="support for POST-based authorization"/>
</concept>
<concept>
<code value="client-public"/>
<display
value="support for SMART’s public client profile (no client authentication)"/>
</concept>
<concept>
<code value="client-confidential-symmetric"/>
<display
value="support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric."/>
</concept>
<concept>
<code value="client-confidential-asymmetric"/>
<display
value="support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric."/>
</concept>
<concept>
<code value="sso-openid-connect"/>
<display value="support for SMART’s OpenID Connect profile"/>
</concept>
<concept>
<code value="context-banner"/>
<display
value="support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)"/>
</concept>
<concept>
<code value="context-style"/>
<display
value="support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental."/>
</concept>
<concept>
<code value="context-ehr-patient"/>
<display
value="support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"/>
</concept>
<concept>
<code value="context-ehr-encounter"/>
<display
value="support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter)"/>
</concept>
<concept>
<code value="context-standalone-patient"/>
<display
value="support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"/>
</concept>
<concept>
<code value="context-standalone-encounter"/>
<display
value="support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter)"/>
</concept>
<concept>
<code value="permission-offline"/>
<display
value="support for “offline” refresh tokens (requested by offline_access scope)"/>
</concept>
<concept>
<code value="permission-online"/>
<display
value="support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context)."/>
</concept>
<concept>
<code value="permission-patient"/>
<display
value="support for patient-level scopes (e.g., patient/Observation.rs)"/>
</concept>
<concept>
<code value="permission-user"/>
<display
value="support for user-level scopes (e.g., user/Appointment.rs)"/>
</concept>
<concept>
<code value="permission-v1"/>
<display
value="support for SMARTv1 scope syntax (e.g., patient/Observation.read)"/>
</concept>
<concept>
<code value="permission-v2"/>
<display
value="support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs)"/>
</concept>
<concept>
<code value="launch-token"/>
<display value="support for issuing launch tokens."/>
</concept>
<concept>
<code value="token-exchange-openid"/>
<display value="support for token exchange using an OpenID token"/>
</concept>
<concept>
<code value="token-exchange-accesstoken"/>
<display value="support for token exchange using an access token"/>
</concept>
<concept>
<code value="token-exchange-launchtoken"/>
<display value="support for token exchange using a launch token"/>
</concept>
</concept>
<concept>
<code value="grant-type"/>
<display value="Lists the grant-types supported"/>
<concept>
<code value="authorization_code"/>
<display value="when SMART App Launch is supported"/>
</concept>
<concept>
<code value="client_credentials"/>
<display value="Indicates support for SMART Backend Services."/>
</concept>
<concept>
<code value="urn:ietf:params:oauth:grant-type:token-exchange"/>
<display
value="Indicates support for token-exchange according to RFC8693"/>
</concept>
</concept>
<concept>
<code value="token_endpoint_auth_methods"/>
<display value="Supported token endpoints"/>
<concept>
<code value="client_secret_post"/>
</concept>
<concept>
<code value="client_secret_basic"/>
</concept>
<concept>
<code value="private_key_jwt"/>
</concept>
</concept>
<concept>
<code value="smart_associated_endpoints"/>
<display value="Smart associated_endpoints capabilities"/>
<concept>
<code value="token-reuse"/>
<display
value="Authorization credentials can be retrieved by retrieving an access token for multiple audiences."/>
</concept>
<concept>
<code value="token-exchange"/>
<display
value="Authorization credentials can be retrieved using token exchange."/>
</concept>
<concept>
<code value="smart-open-id-connect"/>
<display
value="Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions."/>
</concept>
</concept>
</CodeSystem>