Smile CDR v2022.11.PRE
On this page:
   38.100    SMART Login Terms of Service
  • Configuration Categories
  • 38.0 Web Admin Console Settings
  • 38.1 appSphere
  • 38.2 Payer Config
  • 38.3 Initial appSphere Seeding
  • 38.4 Authentication Callback Scripts
  • 38.5 Auth: General for APIs
  • 38.6 User Authentication
  • 38.7 Auth: HTTP Basic
  • 38.8 Auth: OpenID Connect
  • 38.9 Browser Syntax Highlighting
  • 38.10 Capability Statement (metadata)
  • 38.11 CDA Generation
  • 38.12 CDA Import
  • 38.13 CDS Hooks Definitions
  • 38.14 Channel Import
  • 38.15 Channel Retry
  • 38.16 Kafka
  • 38.17 Smile CDR License
  • 38.18 Cluster Manager Maintenance
  • 38.19 Message Broker
  • 38.20 Cluster Level Security
  • 38.21 Credentials
  • 38.22 Cross-Origin Resource Sharing (CORS)
  • 38.23 Database
  • 38.24 Email Configuration
  • 38.25 ETL Import: CSV Properties
  • 38.26 ETL Import: Source
  • 38.27 FHIR Binary Storage
  • 38.28 FHIR Bulk Operations
  • 38.29 Capability Statement
  • 38.30 FHIR Configuration
  • 38.31 Consent Service
  • 38.32 FHIR Endpoint Conversion
  • 38.33 Interceptors
  • 38.34 FHIR Endpoint Partitioning
  • 38.35 Resource Providers
  • 38.36 FHIR Endpoint Security
  • 38.37 Endpoint Terminology
  • 38.38 FHIR Gateway Configuration
  • 38.39 FHIR Interceptors
  • 38.40 LiveBundle Service
  • 38.41 FHIR MDM Server
  • 38.42 FHIR Performance
  • 38.43 FHIR Performance Tracing
  • 38.44 FHIR Realtime Export
  • 38.45 Repository Validation
  • 38.46 FHIR Resource Types
  • 38.47 FHIR REST Endpoint
  • 38.48 FHIR Search
  • 38.49 FHIR Storage Module Scheduled Tasks
  • 38.50 FHIR Validation Services
  • 38.51 FHIR Storage Package Registry
  • 38.52 FHIR Storage Partitioning
  • 38.53 Versioned References
  • 38.54 FHIR Subscription Delivery
  • 38.55 FHIR Subscription Persistence
  • 38.56 Amazon HealthLake REST Endpoint
  • 38.57 HL7 v2.x Mapper - Contained Resource
  • 38.58 HL7 v2.x Mapper - DG1
  • 38.59 HL7 v2.x Mapper - Forced Namespace Mode
  • 38.60 HL7 v2.x Mapper - General
  • 38.61 HL7 v2.x Mapper - Medications
  • 38.62 HL7 v2.x Mapper - OBR
  • 38.63 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 38.64 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 38.65 HL7 v2.x Mapper - PID
  • 38.66 HL7 v2.x Mapper - PV1
  • 38.67 HL7 v2.x Listener Script
  • 38.68 HL7 v2.x MLLP Listener
  • 38.69 HL7 v2.x MLLP Sender
  • 38.70 FHIR to HL7 v2.x Mapper Script
  • 38.71 HL7 v2.x Outbound Mapping
  • 38.72 HTTP Access Log
  • 38.73 HTTP Listener
  • 38.74 HTTP Request Pool
  • 38.75 HTTP Security
  • 38.76 Hybrid Providers Definitions
  • 38.77 Initial User Seeding
  • 38.78 JavaScript Execution Environment
  • 38.79 JSON Web KeySet (JWKS)
  • 38.80 LDAP Authentication
  • 38.81 Lucene FullText Indexing
  • 38.82 MDM
  • 38.83 Narrative Generator
  • 38.84 OpenID Connect Token Validation
  • 38.85 OpenID Connect (OIDC)
  • 38.86 Payer to Payer
  • 38.87 Privacy Security Notice
  • 38.88 Provenance Injection
  • 38.89 Realtime Export
  • 38.90 Endpoint Validation: Request Validating
  • 38.91 Search Parameter Seeding
  • 38.92 SAML Provider
  • 38.93 Security Inbound Script
  • 38.94 Inbound SMART on FHIR Authentication
  • 38.95 Inbound SMART on FHIR Endpoints
  • 38.96 OAuth2/OIDC Federation
  • 38.97 SMART Callback Script
  • 38.98 Cross-Organizational Data Access Profile
  • 38.99 SMART Login Skin
  • 38.100 SMART Login Terms of Service
  • 38.101 SMART Authorization
  • 38.102 SMART Definitions Seeding
  • 38.103 Sessions
  • 38.104 Two Factor Authentication
  • 38.105 TLS / SSL (Encryption)
  • 38.106 Transaction Log
  • 38.107 Trusted Client
  • 38.108 User Self Registration
    • 38.102    SMART Definitions Seeding   
       Table of Contents

    SMART Authorization

    38.101SMART Authorization

     

    The SMART Authorization configuration category includes the following configurable options:

    • Allowed Audience List

    • Enforce Approved Scopes to Restrict Permissions

    • Scopes Supported

    38.101.1Property: Allowed Audience List

     
    Property Name Allowed Audience List
    Property Key
    Property Type STRING
    Description Space-separated list of allowed resource URLs as the 'audience' parameter during authentication flow. If left empty, no validation is performed.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.allowed_audience_list =

    38.101.2Property: Enforce Approved Scopes to Restrict Permissions

     
    Property Name Enforce Approved Scopes to Restrict Permissions
    Property Key
    Property Type BOOLEAN
    Description When enabled, permission will be stripped from a user's session if they are not supported by an approved SMART on FHIR scope. For example, any FHIR write permissions will be removed from a session if the user has not approved (or a client is set to auto-approve) a scope such as Patient/*.write.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value true
    Example Property 
    module.[MODULE_ID].config.enforce_approved_scopes_to_restrict_permissions = true

    38.101.3Property: Scopes Supported

     
    Property Name Scopes Supported
    Property Key
    Property Type STRING
    Description A space separated list of scopes to advertise as supported in the .well-known/smart-configuration
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value openid fhirUser
    Example Property 
    module.[MODULE_ID].config.smart_configuration.scopes_supported = openid fhirUser
       38.100    SMART Login Terms of Service
  • Configuration Categories
  • 38.0 Web Admin Console Settings
  • 38.1 appSphere
  • 38.2 Payer Config
  • 38.3 Initial appSphere Seeding
  • 38.4 Authentication Callback Scripts
  • 38.5 Auth: General for APIs
  • 38.6 User Authentication
  • 38.7 Auth: HTTP Basic
  • 38.8 Auth: OpenID Connect
  • 38.9 Browser Syntax Highlighting
  • 38.10 Capability Statement (metadata)
  • 38.11 CDA Generation
  • 38.12 CDA Import
  • 38.13 CDS Hooks Definitions
  • 38.14 Channel Import
  • 38.15 Channel Retry
  • 38.16 Kafka
  • 38.17 Smile CDR License
  • 38.18 Cluster Manager Maintenance
  • 38.19 Message Broker
  • 38.20 Cluster Level Security
  • 38.21 Credentials
  • 38.22 Cross-Origin Resource Sharing (CORS)
  • 38.23 Database
  • 38.24 Email Configuration
  • 38.25 ETL Import: CSV Properties
  • 38.26 ETL Import: Source
  • 38.27 FHIR Binary Storage
  • 38.28 FHIR Bulk Operations
  • 38.29 Capability Statement
  • 38.30 FHIR Configuration
  • 38.31 Consent Service
  • 38.32 FHIR Endpoint Conversion
  • 38.33 Interceptors
  • 38.34 FHIR Endpoint Partitioning
  • 38.35 Resource Providers
  • 38.36 FHIR Endpoint Security
  • 38.37 Endpoint Terminology
  • 38.38 FHIR Gateway Configuration
  • 38.39 FHIR Interceptors
  • 38.40 LiveBundle Service
  • 38.41 FHIR MDM Server
  • 38.42 FHIR Performance
  • 38.43 FHIR Performance Tracing
  • 38.44 FHIR Realtime Export
  • 38.45 Repository Validation
  • 38.46 FHIR Resource Types
  • 38.47 FHIR REST Endpoint
  • 38.48 FHIR Search
  • 38.49 FHIR Storage Module Scheduled Tasks
  • 38.50 FHIR Validation Services
  • 38.51 FHIR Storage Package Registry
  • 38.52 FHIR Storage Partitioning
  • 38.53 Versioned References
  • 38.54 FHIR Subscription Delivery
  • 38.55 FHIR Subscription Persistence
  • 38.56 Amazon HealthLake REST Endpoint
  • 38.57 HL7 v2.x Mapper - Contained Resource
  • 38.58 HL7 v2.x Mapper - DG1
  • 38.59 HL7 v2.x Mapper - Forced Namespace Mode
  • 38.60 HL7 v2.x Mapper - General
  • 38.61 HL7 v2.x Mapper - Medications
  • 38.62 HL7 v2.x Mapper - OBR
  • 38.63 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 38.64 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 38.65 HL7 v2.x Mapper - PID
  • 38.66 HL7 v2.x Mapper - PV1
  • 38.67 HL7 v2.x Listener Script
  • 38.68 HL7 v2.x MLLP Listener
  • 38.69 HL7 v2.x MLLP Sender
  • 38.70 FHIR to HL7 v2.x Mapper Script
  • 38.71 HL7 v2.x Outbound Mapping
  • 38.72 HTTP Access Log
  • 38.73 HTTP Listener
  • 38.74 HTTP Request Pool
  • 38.75 HTTP Security
  • 38.76 Hybrid Providers Definitions
  • 38.77 Initial User Seeding
  • 38.78 JavaScript Execution Environment
  • 38.79 JSON Web KeySet (JWKS)
  • 38.80 LDAP Authentication
  • 38.81 Lucene FullText Indexing
  • 38.82 MDM
  • 38.83 Narrative Generator
  • 38.84 OpenID Connect Token Validation
  • 38.85 OpenID Connect (OIDC)
  • 38.86 Payer to Payer
  • 38.87 Privacy Security Notice
  • 38.88 Provenance Injection
  • 38.89 Realtime Export
  • 38.90 Endpoint Validation: Request Validating
  • 38.91 Search Parameter Seeding
  • 38.92 SAML Provider
  • 38.93 Security Inbound Script
  • 38.94 Inbound SMART on FHIR Authentication
  • 38.95 Inbound SMART on FHIR Endpoints
  • 38.96 OAuth2/OIDC Federation
  • 38.97 SMART Callback Script
  • 38.98 Cross-Organizational Data Access Profile
  • 38.99 SMART Login Skin
  • 38.100 SMART Login Terms of Service
  • 38.101 SMART Authorization
  • 38.102 SMART Definitions Seeding
  • 38.103 Sessions
  • 38.104 Two Factor Authentication
  • 38.105 TLS / SSL (Encryption)
  • 38.106 Transaction Log
  • 38.107 Trusted Client
  • 38.108 User Self Registration
    • 38.102    SMART Definitions Seeding