On this page:
   34.77    OAuth2/OIDC Federation
  • Configuration Categories
  • 34.0 Web Admin Console Settings
  • 34.1 App Gallery
  • 34.2 Authentication Callback Scripts
  • 34.3 Auth: General for APIs
  • 34.4 User Authentication
  • 34.5 Auth: HTTP Basic
  • 34.6 Auth: OpenID Connect
  • 34.7 Browser Syntax Highlighting
  • 34.8 Capability Statement (metadata)
  • 34.9 CDS Hooks
  • 34.10 Channel Import
  • 34.11 Channel Retry
  • 34.12 Cluster Manager Maintenance
  • 34.13 Cluster Manager Message Broker
  • 34.14 Cluster Manager Kafka
  • 34.15 Credentials
  • 34.16 Cross-Origin Resource Sharing (CORS)
  • 34.17 Database
  • 34.18 ETL Import: CSV Properties
  • 34.19 ETL Import: Source
  • 34.20 FHIR Binary Storage
  • 34.21 FHIR Bulk Operations
  • 34.22 FHIR Configuration
  • 34.23 FHIR Capability Statement
  • 34.24 FHIR Consent Service
  • 34.25 FHIR Endpoint Terminology
  • 34.26 FHIR LiveBundle Service
  • 34.27 FHIR Endpoint Conversion
  • 34.28 FHIR Endpoint Security
  • 34.29 Interceptors
  • 34.30 FHIR Endpoint Partitioning and Multitenancy
  • 34.31 FHIR Gateway Config
  • 34.32 FHIR MDM Server
  • 34.33 FHIR Storage Partitioning and Multitenancy
  • 34.34 FHIR Storage Package Registry
  • 34.35 Versioned References
  • 34.36 FHIR Performance
  • 34.37 FHIR Performance Tracing
  • 34.38 FHIR Realtime Export
  • 34.39 FHIR Resource Types
  • 34.40 FHIR REST Endpoint
  • 34.41 FHIR Search
  • 34.42 FHIR Interceptors
  • 34.43 FHIR Repository Validation
  • 34.44 FHIR Subscription Persistence
  • 34.45 FHIR Subscription Delivery
  • 34.46 FHIR Validation Services
  • 34.47 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 34.48 HL7 v2.x to FHIR Mapper - General
  • 34.49 HL7 v2.x Mapper - Medications
  • 34.50 HL7 v2.x to FHIR Mapper - OBR
  • 34.51 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 34.52 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 34.53 HL7 v2.x to FHIR Mapper - PV1
  • 34.54 HL7 v2.x Listener Script
  • 34.55 HL7 v2.x MLLP Listener
  • 34.56 FHIR to HL7 v2.x Mapper Script
  • 34.57 HL7 v2.x MLLP Sender
  • 34.58 HTTP Access Log
  • 34.59 HTTP Listener
  • 34.60 HTTP Request Pool
  • 34.61 HTTP Security
  • 34.62 Hybrid Providers Definitions
  • 34.63 Initial User Seeding
  • 34.64 JSON Web KeySet (JWKS)
  • 34.65 LDAP Authentication
  • 34.66 Lucene FullText Indexing
  • 34.67 Narrative Generator
  • 34.68 Master Data Management
  • 34.69 OpenID Connect (OIDC)
  • 34.70 Realtime Export
  • 34.71 Request Validating
  • 34.72 Security Inbound Script
  • 34.73 Inbound SMART on FHIR Authentication
  • 34.74 Inbound SMART on FHIR Endpoints
  • 34.75 OpenID Connect Token Validation
  • 34.76 SAML Provider
  • 34.77 OAuth2/OIDC Federation
  • 34.78 SMART Authorization
  • 34.79 SMART Definitions Seeding
  • 34.80 Sessions
  • 34.81 SMART Outbound Security: Callback Script
  • 34.82 SMART Outbound Security: CODAP
  • 34.83 SMART Outbound Security: Login Skin
  • 34.84 SMART Outbound Security: Terms of Service
  • 34.85 Two Factor Authentication
  • 34.86 TLS / SSL (Encryption)
  • 34.87 Trusted Client
  • 34.88 Transaction Log
  • 34.89 User Self Registration
    • 34.79    SMART Definitions Seeding   
       Table of Contents

    SMART Authorization

    34.78SMART Authorization

     

    The SMART Authorization configuration category includes the following configurable options:

    • Enforce Approved Scopes to Restrict Permissions

    • Scopes Supported

    34.78.1Property: Enforce Approved Scopes to Restrict Permissions

     
    Property Name Enforce Approved Scopes to Restrict Permissions
    Property Key
    Property Type BOOLEAN
    Description When enabled, permission will be stripped from a user's session if they are not supported by an approved SMART on FHIR scope. For example, any FHIR write permissions will be removed from a session if the user has not approved (or a client is set to auto-approve) a scope such as Patient/*.write.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value true
    Example Property 
    module.[MODULE_ID].config.enforce_approved_scopes_to_restrict_permissions = true

    34.78.2Property: Scopes Supported

     
    Property Name Scopes Supported
    Property Key
    Property Type STRING
    Description A space separated list of scopes to advertise as supported in the .well-known/smart-configuration
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value openid fhirUser
    Example Property 
    module.[MODULE_ID].config.smart_configuration.scopes_supported = openid fhirUser
       34.77    OAuth2/OIDC Federation
  • Configuration Categories
  • 34.0 Web Admin Console Settings
  • 34.1 App Gallery
  • 34.2 Authentication Callback Scripts
  • 34.3 Auth: General for APIs
  • 34.4 User Authentication
  • 34.5 Auth: HTTP Basic
  • 34.6 Auth: OpenID Connect
  • 34.7 Browser Syntax Highlighting
  • 34.8 Capability Statement (metadata)
  • 34.9 CDS Hooks
  • 34.10 Channel Import
  • 34.11 Channel Retry
  • 34.12 Cluster Manager Maintenance
  • 34.13 Cluster Manager Message Broker
  • 34.14 Cluster Manager Kafka
  • 34.15 Credentials
  • 34.16 Cross-Origin Resource Sharing (CORS)
  • 34.17 Database
  • 34.18 ETL Import: CSV Properties
  • 34.19 ETL Import: Source
  • 34.20 FHIR Binary Storage
  • 34.21 FHIR Bulk Operations
  • 34.22 FHIR Configuration
  • 34.23 FHIR Capability Statement
  • 34.24 FHIR Consent Service
  • 34.25 FHIR Endpoint Terminology
  • 34.26 FHIR LiveBundle Service
  • 34.27 FHIR Endpoint Conversion
  • 34.28 FHIR Endpoint Security
  • 34.29 Interceptors
  • 34.30 FHIR Endpoint Partitioning and Multitenancy
  • 34.31 FHIR Gateway Config
  • 34.32 FHIR MDM Server
  • 34.33 FHIR Storage Partitioning and Multitenancy
  • 34.34 FHIR Storage Package Registry
  • 34.35 Versioned References
  • 34.36 FHIR Performance
  • 34.37 FHIR Performance Tracing
  • 34.38 FHIR Realtime Export
  • 34.39 FHIR Resource Types
  • 34.40 FHIR REST Endpoint
  • 34.41 FHIR Search
  • 34.42 FHIR Interceptors
  • 34.43 FHIR Repository Validation
  • 34.44 FHIR Subscription Persistence
  • 34.45 FHIR Subscription Delivery
  • 34.46 FHIR Validation Services
  • 34.47 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 34.48 HL7 v2.x to FHIR Mapper - General
  • 34.49 HL7 v2.x Mapper - Medications
  • 34.50 HL7 v2.x to FHIR Mapper - OBR
  • 34.51 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 34.52 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 34.53 HL7 v2.x to FHIR Mapper - PV1
  • 34.54 HL7 v2.x Listener Script
  • 34.55 HL7 v2.x MLLP Listener
  • 34.56 FHIR to HL7 v2.x Mapper Script
  • 34.57 HL7 v2.x MLLP Sender
  • 34.58 HTTP Access Log
  • 34.59 HTTP Listener
  • 34.60 HTTP Request Pool
  • 34.61 HTTP Security
  • 34.62 Hybrid Providers Definitions
  • 34.63 Initial User Seeding
  • 34.64 JSON Web KeySet (JWKS)
  • 34.65 LDAP Authentication
  • 34.66 Lucene FullText Indexing
  • 34.67 Narrative Generator
  • 34.68 Master Data Management
  • 34.69 OpenID Connect (OIDC)
  • 34.70 Realtime Export
  • 34.71 Request Validating
  • 34.72 Security Inbound Script
  • 34.73 Inbound SMART on FHIR Authentication
  • 34.74 Inbound SMART on FHIR Endpoints
  • 34.75 OpenID Connect Token Validation
  • 34.76 SAML Provider
  • 34.77 OAuth2/OIDC Federation
  • 34.78 SMART Authorization
  • 34.79 SMART Definitions Seeding
  • 34.80 Sessions
  • 34.81 SMART Outbound Security: Callback Script
  • 34.82 SMART Outbound Security: CODAP
  • 34.83 SMART Outbound Security: Login Skin
  • 34.84 SMART Outbound Security: Terms of Service
  • 34.85 Two Factor Authentication
  • 34.86 TLS / SSL (Encryption)
  • 34.87 Trusted Client
  • 34.88 Transaction Log
  • 34.89 User Self Registration
    • 34.79    SMART Definitions Seeding