0.1.0 - ci-build

SMARTapplaunchmultiserverauthentication, published by HL7. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-multi-auth/ and changes regularly. See the Directory of published versions

Logical Model: SMART launch conformance definition

Official URL: http://hl7.org/fhir/uv/smart-multi-server-auth/StructureDefinition/smart-launch-conformance-original
Version: 0.1.0
Draft as of 2024-12-09
Computable Name: SmartLaunchConformanceOrginal

The formal definition of the SMART launch conformance as a FHIR logical model.

Usage:

  • This Logical Model Profile is not used by any profiles in this Implementation Guide

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from Base

| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| smart-launch-conformance-original | | 0..* | Base | SMART launch conformance definition. Instances of this logical model are not marked to be the target of a Reference |
| issuer | | 0..1 | string | CONDITIONAL, String conveying this system’s OpenID Connect Issuer URL. Required if the server’s capabilities include sso-openid-connect; otherwise, omitted. |
| jwks_uri | | 0..1 | string | CONDITIONAL, String conveying this system’s JSON Web Key Set URL. Required if the server’s capabilities include sso-openid-connect; otherwise, optional. |
| authorization_endpoint | | 0..1 | string | REQUIRED, URL to the OAuth2 authorization endpoint. Required if server supports the `launch-ehr` or launch-standalone capability; otherwise, optional. |
| token_endpoint | | 1..1 | string | OPTIONAL, URL to the OAuth2 token endpoint. |
| token_endpoint_auth_methods_supported | | 0..1 | code | array of client authentication methods supported by the token endpoint. The options are “client_secret_post”, “client_secret_basic”, and “private_key_jwt”. |
| registration_endpoint | | 0..1 | string | OPTIONAL, If available, URL to the OAuth2 dynamic registration endpoint for this FHIR server. |
| smart_app_state_endpoint | | 0..1 | string | OPTIONAL, DEPRECATED, URL to the EHR’s app state endpoint. Deprecated; use associated_endpoints with the smart-app-state capability instead. |
| user_access_brand_bundle | | 0..1 | string | RECOMMENDED, URL for a Brand Bundle. See User Access Brands. |
| user_access_brand_identifier | | 0..1 | string | RECOMMENDED, Identifier for the primary entry in a Brand Bundle. See User Access Brands. |
| scopes_supported | | 0..1 | string | RECOMMENDED, Array of scopes a client may request. See scopes and launch context. The server SHALL support all scopes listed here; additional scopes MAY be supported (so clients should not consider this an exhaustive list). |
| response_types_supported | | 0..1 | string | RECOMMENDED, Array of OAuth2 response_type values that are supported. Implementers can refer to response_types defined in OAuth 2.0 (RFC 6749) and in OIDC Core. |
| management_endpoint | | 0..1 | string | RECOMMENDED, URL where an end-user can view which applications currently have access to data and can make adjustments to these access rights. |
| introspection_endpoint | | 0..1 | string | RECOMMENDED, URL to a server’s introspection endpoint that can be used to validate a token. |
| revocation_endpoint | | 0..1 | string | RECOMMENDED, URL to a server’s revoke endpoint that can be used to revoke a token. |
| capabilities | | 1..* | code | REQUIRED, Array of strings representing SMART capabilities (e.g., sso-openid-connect or launch-standalone) that the server supports. |
| code_challenge_methods_supported | | 1..* | string | REQUIRED, Array of PKCE code challenge methods supported. The S256 method SHALL be included in this list, and the plain method SHALL NOT be included in this list. |
| associated_endpoints | | 0..1 | Base | OPTIONAL, Array of objects for endpoints that share the same authorization mechanism as this FHIR endpoint, each with a “url” and “capabilities” array. This property is deemed experimental. |
| associated_endpoints.url | | 1..1 | string | url of the endpoint |
| associated_endpoints.capabilities | | 1..* | string | List of capabilities of the endpoint. |
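A client or test harness can enforce the conditional rules in this table before trusting a server's discovery document. The checker below is an added example, not code from HL7 or the implementation guide; the function name `check_smart_configuration`, the sample documents and the `example.org` URLs are constructed, and it follows the table's cardinalities literally (so `token_endpoint`, listed as 1..1, is treated as mandatory).

```python
# Values the table lists for token_endpoint_auth_methods_supported.
AUTH_METHODS = ("client_secret_post", "client_secret_basic", "private_key_jwt")

def check_smart_configuration(cfg):
    """Return findings for a parsed smart-configuration dict; [] means it passes."""
    findings = []
    caps = cfg.get("capabilities")
    if not isinstance(caps, list) or not caps:
        findings.append("capabilities: cardinality 1..*, at least one entry required")
        caps = []
    if not isinstance(cfg.get("token_endpoint"), str):
        findings.append("token_endpoint: cardinality 1..1, must be present")
    # issuer / jwks_uri are conditional on the sso-openid-connect capability.
    sso = "sso-openid-connect" in caps
    for key in ("issuer", "jwks_uri"):
        if sso and not cfg.get(key):
            findings.append(f"{key}: required with sso-openid-connect")
    if not sso and "issuer" in cfg:
        findings.append("issuer: omitted unless sso-openid-connect is advertised")
    launches = any(c in caps for c in ("launch-ehr", "launch-standalone"))
    if launches and not cfg.get("authorization_endpoint"):
        findings.append("authorization_endpoint: required for launch-ehr/launch-standalone")
    # PKCE: S256 SHALL be listed, plain SHALL NOT be listed.
    pkce = cfg.get("code_challenge_methods_supported")
    pkce = pkce if isinstance(pkce, list) else []
    if "S256" not in pkce:
        findings.append("code_challenge_methods_supported: S256 SHALL be included")
    if "plain" in pkce:
        findings.append("code_challenge_methods_supported: plain SHALL NOT be included")
    for m in cfg.get("token_endpoint_auth_methods_supported", []):
        if m not in AUTH_METHODS:
            findings.append(f"token_endpoint_auth_methods_supported: unlisted method {m!r}")
    for i, ep in enumerate(cfg.get("associated_endpoints", [])):
        ok = isinstance(ep, dict) and isinstance(ep.get("url"), str) and ep.get("capabilities")
        if not ok:
            findings.append(f"associated_endpoints[{i}]: needs url and non-empty capabilities")
    return findings

# Constructed sample documents (not taken from any real server).
GOOD = {
    "issuer": "https://ehr.example.org",
    "jwks_uri": "https://ehr.example.org/jwks",
    "authorization_endpoint": "https://ehr.example.org/authorize",
    "token_endpoint": "https://ehr.example.org/token",
    "token_endpoint_auth_methods_supported": ["private_key_jwt"],
    "capabilities": ["launch-standalone", "sso-openid-connect"],
    "code_challenge_methods_supported": ["S256"],
    "associated_endpoints": [
        {"url": "https://state.example.org", "capabilities": ["smart-app-state"]}
    ],
}
# Same server, misconfigured: no SSO but issuer kept, no authorization endpoint,
# plain PKCE advertised, associated endpoint without capabilities.
BAD = {k: v for k, v in GOOD.items() if k != "authorization_endpoint"}
BAD.update(capabilities=["launch-ehr"],
           code_challenge_methods_supported=["S256", "plain"],
           associated_endpoints=[{"url": "https://state.example.org"}])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_smart_configuration(doc) or "conformant")
```
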


This structure is derived from Base

Summary

Mandatory: 0 elements (6 nested mandatory elements)


Other representations of profile: CSV, Excel