0.1.0 - ci-build

SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly. See the Directory of published versions

Codes for SMART authorization - XML Representation

Draft as of 2024-12-09


<CodeSystem xmlns="http://hl7.org/fhir">
  <id value="smart-auth-information-CodeSystem"/>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: CodeSystem smart-auth-information-CodeSystem</b></p><a name="smart-auth-information-CodeSystem"> </a><a name="hcsmart-auth-information-CodeSystem"> </a><a name="smart-auth-information-CodeSystem-en-US"> </a><p>This  code system <code>http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem</code> defines the following codes in an undefined hierarchy:</p><table class="codes"><tr><td><b>Lvl</b></td><td style="white-space:nowrap"><b>Code</b></td><td><b>Display</b></td></tr><tr><td>1</td><td style="white-space:nowrap">endpoint-capabilities<a name="smart-auth-information-CodeSystem-endpoint-capabilities"> </a></td><td>Endpoint Capabilities</td></tr><tr><td>2</td><td style="white-space:nowrap">  smart-app-state<a name="smart-auth-information-CodeSystem-smart-app-state"> </a></td><td>Endpoint storing smart app state resources</td></tr><tr><td>1</td><td style="white-space:nowrap">capability<a name="smart-auth-information-CodeSystem-capability"> </a></td><td>Capabilities of the server</td></tr><tr><td>2</td><td style="white-space:nowrap">  launch-ehr<a name="smart-auth-information-CodeSystem-launch-ehr"> </a></td><td>support for SMART’s EHR Launch mode</td></tr><tr><td>2</td><td style="white-space:nowrap">  launch-standalone<a name="smart-auth-information-CodeSystem-launch-standalone"> </a></td><td>support for SMART’s Standalone Launch mode</td></tr><tr><td>2</td><td style="white-space:nowrap">  authorize-post<a name="smart-auth-information-CodeSystem-authorize-post"> </a></td><td>support for POST-based authorization</td></tr><tr><td>2</td><td style="white-space:nowrap">  client-public<a name="smart-auth-information-CodeSystem-client-public"> </a></td><td>support for SMART’s public client profile (no client authentication)</td></tr><tr><td>2</td><td style="white-space:nowrap">  client-confidential-symmetric<a 
name="smart-auth-information-CodeSystem-client-confidential-symmetric"> </a></td><td>support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric.</td></tr><tr><td>2</td><td style="white-space:nowrap">  client-confidential-asymmetric<a name="smart-auth-information-CodeSystem-client-confidential-asymmetric"> </a></td><td>support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric.</td></tr><tr><td>2</td><td style="white-space:nowrap">  sso-openid-connect<a name="smart-auth-information-CodeSystem-sso-openid-connect"> </a></td><td>support for SMART’s OpenID Connect profile</td></tr><tr><td>2</td><td style="white-space:nowrap">  context-banner<a name="smart-auth-information-CodeSystem-context-banner"> </a></td><td>support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap">  context-style<a name="smart-auth-information-CodeSystem-context-style"> </a></td><td>support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. 
Launch Context for EHR Launch</td></tr><tr><td>2</td><td style="white-space:nowrap">  context-ehr-patient<a name="smart-auth-information-CodeSystem-context-ehr-patient"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap">  context-ehr-encounter<a name="smart-auth-information-CodeSystem-context-ehr-encounter"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch</td></tr><tr><td>2</td><td style="white-space:nowrap">  context-standalone-patient<a name="smart-auth-information-CodeSystem-context-standalone-patient"> </a></td><td>support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)</td></tr><tr><td>2</td><td style="white-space:nowrap">  context-standalone-encounter<a name="smart-auth-information-CodeSystem-context-standalone-encounter"> </a></td><td>support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions</td></tr><tr><td>2</td><td style="white-space:nowrap">  permission-offline<a name="smart-auth-information-CodeSystem-permission-offline"> </a></td><td>support for “offline” refresh tokens (requested by offline_access scope)</td></tr><tr><td>2</td><td style="white-space:nowrap">  permission-online<a name="smart-auth-information-CodeSystem-permission-online"> </a></td><td>support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). 
This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context).</td></tr><tr><td>2</td><td style="white-space:nowrap">  permission-patient<a name="smart-auth-information-CodeSystem-permission-patient"> </a></td><td>support for patient-level scopes (e.g., patient/Observation.rs)</td></tr><tr><td>2</td><td style="white-space:nowrap">  permission-user<a name="smart-auth-information-CodeSystem-permission-user"> </a></td><td>support for user-level scopes (e.g., user/Appointment.rs)</td></tr><tr><td>2</td><td style="white-space:nowrap">  permission-v1<a name="smart-auth-information-CodeSystem-permission-v1"> </a></td><td>support for SMARTv1 scope syntax (e.g., patient/Observation.read)</td></tr><tr><td>2</td><td style="white-space:nowrap">  permission-v2<a name="smart-auth-information-CodeSystem-permission-v2"> </a></td><td>support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)</td></tr><tr><td>2</td><td style="white-space:nowrap">  launch-token<a name="smart-auth-information-CodeSystem-launch-token"> </a></td><td>support for issuing launch tokens.</td></tr><tr><td>2</td><td style="white-space:nowrap">  token-exchange-openid<a name="smart-auth-information-CodeSystem-token-exchange-openid"> </a></td><td>support for token exchange using an open id token</td></tr><tr><td>2</td><td style="white-space:nowrap">  token-exchange-accesstoken<a name="smart-auth-information-CodeSystem-token-exchange-accesstoken"> </a></td><td>support for token exchange using an access token</td></tr><tr><td>2</td><td style="white-space:nowrap">  token-exchange-launchtoken<a name="smart-auth-information-CodeSystem-token-exchange-launchtoken"> </a></td><td>support for token exchange using a launch token</td></tr><tr><td>1</td><td 
style="white-space:nowrap">grant-type<a name="smart-auth-information-CodeSystem-grant-type"> </a></td><td>Lists the grant-types supported</td></tr><tr><td>2</td><td style="white-space:nowrap">  authorization_code<a name="smart-auth-information-CodeSystem-authorization_code"> </a></td><td>when SMART App Launch is supported</td></tr><tr><td>2</td><td style="white-space:nowrap">  client_credentials<a name="smart-auth-information-CodeSystem-client_credentials"> </a></td><td>Indicates support for SMART Backend Services.</td></tr><tr><td>2</td><td style="white-space:nowrap">  urn:ietf:params:oauth:grant-type:token-exchange<a name="smart-auth-information-CodeSystem-urn.58ietf.58params.58oauth.58grant-type.58token-exchange"> </a></td><td>Indicates support for token-exchange according to RFC8693</td></tr><tr><td>1</td><td style="white-space:nowrap">token_endpoint_auth_methods<a name="smart-auth-information-CodeSystem-token_endpoint_auth_methods"> </a></td><td>Supported token endpoints</td></tr><tr><td>2</td><td style="white-space:nowrap">  client_secret_post<a name="smart-auth-information-CodeSystem-client_secret_post"> </a></td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  client_secret_basic<a name="smart-auth-information-CodeSystem-client_secret_basic"> </a></td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  private_key_jwt<a name="smart-auth-information-CodeSystem-private_key_jwt"> </a></td><td/></tr><tr><td>1</td><td style="white-space:nowrap">smart_associated_endpoints<a name="smart-auth-information-CodeSystem-smart_associated_endpoints"> </a></td><td>Smart associated_endpoints capabilities</td></tr><tr><td>2</td><td style="white-space:nowrap">  token-reuse<a name="smart-auth-information-CodeSystem-token-reuse"> </a></td><td>Authorization credentials can be retrieved by retrieving an access token for multiple audiences.</td></tr><tr><td>2</td><td style="white-space:nowrap">  token-exchange<a name="smart-auth-information-CodeSystem-token-exchange"> 
</a></td><td>Authorization credentials can be retrieved using token exchange.</td></tr><tr><td>2</td><td style="white-space:nowrap">  smart-open-id-connect<a name="smart-auth-information-CodeSystem-smart-open-id-connect"> </a></td><td>Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions.</td></tr></table></div>
  </text>
  <url
       value="http://hl7.org/fhir/uv/smart-multi-server-auth/CodeSystem/smart-auth-information-CodeSystem"/>
  <version value="0.1.0"/>
  <name value="SmartAuthInformationCodeSystem"/>
  <title value="Codes for SMART authorization"/>
  <status value="draft"/>
  <date value="2024-12-09T20:45:55+00:00"/>
  <publisher value="HL7"/>
  <contact>
    <name value="HL7"/>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/fhiri"/>
    </telecom>
  </contact>
  <contact>
    <name value="HL7 International / FHIR infrastructure"/>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/fiwg/index.cfm"/>
    </telecom>
  </contact>
  <contact>
    <name value="Bas van den Heuvel"/>
    <telecom>
      <system value="email"/>
      <value value="bas.van.den.heuvel@philips.com"/>
      <use value="work"/>
    </telecom>
  </contact>
  <description value="-"/>
  <content value="complete"/>
  <count value="38"/>
  <concept>
    <code value="endpoint-capabilities"/>
    <display value="Endpoint Capabilities"/>
    <concept>
      <code value="smart-app-state"/>
      <display value="Endpoint storing smart app state resources"/>
    </concept>
  </concept>
  <concept>
    <code value="capability"/>
    <display value="Capabilities of the server"/>
    <concept>
      <code value="launch-ehr"/>
      <display value="support for SMART’s EHR Launch mode"/>
    </concept>
    <concept>
      <code value="launch-standalone"/>
      <display value="support for SMART’s Standalone Launch mode"/>
    </concept>
    <concept>
      <code value="authorize-post"/>
      <display value="support for POST-based authorization"/>
    </concept>
    <concept>
      <code value="client-public"/>
      <display
               value="support for SMART’s public client profile (no client authentication)"/>
    </concept>
    <concept>
      <code value="client-confidential-symmetric"/>
      <display
               value="support for SMART’s symmetric confidential client profile (“client secret” authentication). See Client Authentication Symmetric."/>
    </concept>
    <concept>
      <code value="client-confidential-asymmetric"/>
      <display
               value="support for SMART’s asymmetric confidential client profile (“JWT authentication”). See Client Authentication Asymmetric."/>
    </concept>
    <concept>
      <code value="sso-openid-connect"/>
      <display value="support for SMART’s OpenID Connect profile"/>
    </concept>
    <concept>
      <code value="context-banner"/>
      <display
               value="support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)"/>
    </concept>
    <concept>
      <code value="context-style"/>
      <display
               value="support for “SMART style URL” launch context (conveyed via smart_style_url token parameter). This capability is deemed experimental. Launch Context for EHR Launch"/>
    </concept>
    <concept>
      <code value="context-ehr-patient"/>
      <display
               value="support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"/>
    </concept>
    <concept>
      <code value="context-ehr-encounter"/>
      <display
               value="support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Launch Context for Standalone Launch"/>
    </concept>
    <concept>
      <code value="context-standalone-patient"/>
      <display
               value="support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)"/>
    </concept>
    <concept>
      <code value="context-standalone-encounter"/>
      <display
               value="support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter) Permissions"/>
    </concept>
    <concept>
      <code value="permission-offline"/>
      <display
               value="support for “offline” refresh tokens (requested by offline_access scope)"/>
    </concept>
    <concept>
      <code value="permission-online"/>
      <display
               value="support for “online” refresh tokens requested during EHR Launch (requested by online_access scope). This capability is deemed experimental, providing the input to a scope negotiation that could result in granting an online or offline refresh token (see Scopes and Launch Context)."/>
    </concept>
    <concept>
      <code value="permission-patient"/>
      <display
               value="support for patient-level scopes (e.g., patient/Observation.rs)"/>
    </concept>
    <concept>
      <code value="permission-user"/>
      <display
               value="support for user-level scopes (e.g., user/Appointment.rs)"/>
    </concept>
    <concept>
      <code value="permission-v1"/>
      <display
               value="support for SMARTv1 scope syntax (e.g., patient/Observation.read)"/>
    </concept>
    <concept>
      <code value="permission-v2"/>
      <display
               value="support for SMARTv2 granular scope syntax (e.g., patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs) App State (Experimental)"/>
    </concept>
    <concept>
      <code value="launch-token"/>
      <display value="support for issuing launch tokens."/>
    </concept>
    <concept>
      <code value="token-exchange-openid"/>
      <display value="support for token exchange using an open id token"/>
    </concept>
    <concept>
      <code value="token-exchange-accesstoken"/>
      <display value="support for token exchange using an access token"/>
    </concept>
    <concept>
      <code value="token-exchange-launchtoken"/>
      <display value="support for token exchange using a launch token"/>
    </concept>
  </concept>
  <concept>
    <code value="grant-type"/>
    <display value="Lists the grant-types supported"/>
    <concept>
      <code value="authorization_code"/>
      <display value="when SMART App Launch is supported"/>
    </concept>
    <concept>
      <code value="client_credentials"/>
      <display value="Indicates support for SMART Backend Services."/>
    </concept>
    <concept>
      <code value="urn:ietf:params:oauth:grant-type:token-exchange"/>
      <display
               value="Indicates support for token-exchange according to RFC8693"/>
    </concept>
  </concept>
  <concept>
    <code value="token_endpoint_auth_methods"/>
    <display value="Supported token endpoints"/>
    <concept>
      <code value="client_secret_post"/>
    </concept>
    <concept>
      <code value="client_secret_basic"/>
    </concept>
    <concept>
      <code value="private_key_jwt"/>
    </concept>
  </concept>
  <concept>
    <code value="smart_associated_endpoints"/>
    <display value="Smart associated_endpoints capabilities"/>
    <concept>
      <code value="token-reuse"/>
      <display
               value="Authorization credentials can be retrieved by retrieving an access token for multiple audiences."/>
    </concept>
    <concept>
      <code value="token-exchange"/>
      <display
               value="Authorization credentials can be retrieved using token exchange."/>
    </concept>
    <concept>
      <code value="smart-open-id-connect"/>
      <display
               value="Authorization credentials can be retrieved using OpenID Connect with SMART on FHIR extensions."/>
    </concept>
  </concept>
</CodeSystem>