On this page:
   33.74    OAuth2/OIDC Federation
  • Configuration Categories
  • 33.0 Web Admin Console Settings
  • 33.1 Authentication Callback Scripts
  • 33.2 Auth: General for APIs
  • 33.3 User Authentication
  • 33.4 Auth: HTTP Basic
  • 33.5 Auth: OpenID Connect
  • 33.6 Browser Syntax Highlighting
  • 33.7 Capability Statement (metadata)
  • 33.8 Channel Import
  • 33.9 Channel Retry
  • 33.10 Cluster Manager Subscription Messaging
  • 33.11 Cluster Manager Maintenance
  • 33.12 Cluster Manager Message Broker
  • 33.13 Cluster Manager Kafka
  • 33.14 Credentials
  • 33.15 Cross-Origin Resource Sharing (CORS)
  • 33.16 Database
  • 33.17 ETL Import: CSV Properties
  • 33.18 ETL Import: Source
  • 33.19 FHIR Binary Storage
  • 33.20 FHIR Bulk Operations
  • 33.21 FHIR Configuration
  • 33.22 FHIR Consent Service
  • 33.23 FHIR LiveBundle Service
  • 33.24 FHIR Endpoint Conversion
  • 33.25 FHIR Endpoint Security
  • 33.26 Interceptors
  • 33.27 FHIR Endpoint Partitioning and Multitenancy
  • 33.28 FHIR Gateway Config
  • 33.29 FHIR MDM Server
  • 33.30 FHIR Storage Partitioning and Multitenancy
  • 33.31 Package Registry
  • 33.32 Versioned References
  • 33.33 FHIR Performance
  • 33.34 FHIR Performance Tracing
  • 33.35 FHIR Realtime Export
  • 33.36 FHIR Resource Types
  • 33.37 FHIR REST Endpoint
  • 33.38 FHIR Search
  • 33.39 FHIR Interceptors
  • 33.40 FHIR Repository Validation
  • 33.41 FHIR Subscription Persistence
  • 33.42 FHIR Subscription Delivery
  • 33.43 FHIR Validation Services
  • 33.44 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 33.45 HL7 v2.x to FHIR Mapper - General
  • 33.46 HL7 v2.x Mapper - Medications
  • 33.47 HL7 v2.x to FHIR Mapper - OBR
  • 33.48 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 33.49 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 33.50 HL7 v2.x to FHIR Mapper - PV1
  • 33.51 HL7 v2.x Listener Script
  • 33.52 HL7 v2.x MLLP Listener
  • 33.53 FHIR to HL7 v2.x Mapper Script
  • 33.54 HL7 v2.x MLLP Sender
  • 33.55 HTTP Access Log
  • 33.56 HTTP Listener
  • 33.57 HTTP Request Pool
  • 33.58 HTTP Security
  • 33.59 Hybrid Providers Definitions
  • 33.60 Initial User Seeding
  • 33.61 JSON Web KeySet (JWKS)
  • 33.62 LDAP Authentication
  • 33.63 Lucene FullText Indexing
  • 33.64 Narrative Generator
  • 33.65 MDM
  • 33.66 OpenID Connect (OIC)
  • 33.67 Realtime Export
  • 33.68 Request Validating
  • 33.69 Security Inbound Script
  • 33.70 Inbound SMART on FHIR Authentication
  • 33.71 Inbound SMART on FHIR Endpoints
  • 33.72 OpenID Connect Token Validation
  • 33.73 SAML Provider
  • 33.74 OAuth2/OIDC Federation
  • 33.75 SMART Authorization
  • 33.76 SMART Definitions Seeding
  • 33.77 Sessions
  • 33.78 SMART Outbound Security: Callback Script
  • 33.79 SMART Outbound Security: CODAP
  • 33.80 SMART Outbound Security: Login Skin
  • 33.81 Two Factor Authentication
  • 33.82 TLS / SSL (Encryption)
  • 33.83 Trusted Client
  • 33.84 Transaction Log
  • 33.85 Miscellaneous Categories
    • 33.76    SMART Definitions Seeding   
       Table of Contents

    SMART Authorization

    33.75SMART Authorization

     

    The SMART Authorization configuration category includes the following configurable options:

    • Enforce Approved Scopes to Restrict Permissions

    33.75.1Property: Enforce Approved Scopes to Restrict Permissions

     
    Property Name Enforce Approved Scopes to Restrict Permissions
    Property Key
    Property Type BOOLEAN
    Description When enabled, permission will be stripped from a user's session if they are not supported by an approved SMART on FHIR scope. For example, any FHIR write permissions will be removed from a session if the user has not approved (or a client is set to auto-approve) a scope such as Patient/*.write.
    Default Value true
    Example Property 
    module.[MODULE_ID].config.enforce_approved_scopes_to_restrict_permissions = true
       33.74    OAuth2/OIDC Federation
  • Configuration Categories
  • 33.0 Web Admin Console Settings
  • 33.1 Authentication Callback Scripts
  • 33.2 Auth: General for APIs
  • 33.3 User Authentication
  • 33.4 Auth: HTTP Basic
  • 33.5 Auth: OpenID Connect
  • 33.6 Browser Syntax Highlighting
  • 33.7 Capability Statement (metadata)
  • 33.8 Channel Import
  • 33.9 Channel Retry
  • 33.10 Cluster Manager Subscription Messaging
  • 33.11 Cluster Manager Maintenance
  • 33.12 Cluster Manager Message Broker
  • 33.13 Cluster Manager Kafka
  • 33.14 Credentials
  • 33.15 Cross-Origin Resource Sharing (CORS)
  • 33.16 Database
  • 33.17 ETL Import: CSV Properties
  • 33.18 ETL Import: Source
  • 33.19 FHIR Binary Storage
  • 33.20 FHIR Bulk Operations
  • 33.21 FHIR Configuration
  • 33.22 FHIR Consent Service
  • 33.23 FHIR LiveBundle Service
  • 33.24 FHIR Endpoint Conversion
  • 33.25 FHIR Endpoint Security
  • 33.26 Interceptors
  • 33.27 FHIR Endpoint Partitioning and Multitenancy
  • 33.28 FHIR Gateway Config
  • 33.29 FHIR MDM Server
  • 33.30 FHIR Storage Partitioning and Multitenancy
  • 33.31 Package Registry
  • 33.32 Versioned References
  • 33.33 FHIR Performance
  • 33.34 FHIR Performance Tracing
  • 33.35 FHIR Realtime Export
  • 33.36 FHIR Resource Types
  • 33.37 FHIR REST Endpoint
  • 33.38 FHIR Search
  • 33.39 FHIR Interceptors
  • 33.40 FHIR Repository Validation
  • 33.41 FHIR Subscription Persistence
  • 33.42 FHIR Subscription Delivery
  • 33.43 FHIR Validation Services
  • 33.44 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 33.45 HL7 v2.x to FHIR Mapper - General
  • 33.46 HL7 v2.x Mapper - Medications
  • 33.47 HL7 v2.x to FHIR Mapper - OBR
  • 33.48 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 33.49 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 33.50 HL7 v2.x to FHIR Mapper - PV1
  • 33.51 HL7 v2.x Listener Script
  • 33.52 HL7 v2.x MLLP Listener
  • 33.53 FHIR to HL7 v2.x Mapper Script
  • 33.54 HL7 v2.x MLLP Sender
  • 33.55 HTTP Access Log
  • 33.56 HTTP Listener
  • 33.57 HTTP Request Pool
  • 33.58 HTTP Security
  • 33.59 Hybrid Providers Definitions
  • 33.60 Initial User Seeding
  • 33.61 JSON Web KeySet (JWKS)
  • 33.62 LDAP Authentication
  • 33.63 Lucene FullText Indexing
  • 33.64 Narrative Generator
  • 33.65 MDM
  • 33.66 OpenID Connect (OIC)
  • 33.67 Realtime Export
  • 33.68 Request Validating
  • 33.69 Security Inbound Script
  • 33.70 Inbound SMART on FHIR Authentication
  • 33.71 Inbound SMART on FHIR Endpoints
  • 33.72 OpenID Connect Token Validation
  • 33.73 SAML Provider
  • 33.74 OAuth2/OIDC Federation
  • 33.75 SMART Authorization
  • 33.76 SMART Definitions Seeding
  • 33.77 Sessions
  • 33.78 SMART Outbound Security: Callback Script
  • 33.79 SMART Outbound Security: CODAP
  • 33.80 SMART Outbound Security: Login Skin
  • 33.81 Two Factor Authentication
  • 33.82 TLS / SSL (Encryption)
  • 33.83 Trusted Client
  • 33.84 Transaction Log
  • 33.85 Miscellaneous Categories
    • 33.76    SMART Definitions Seeding