On this page:
   25.68    OAuth2/OIDC Federation
  • Configuration Categories
  • 25.0 Web Admin Console Settings
  • 25.1 Authentication Callback Scripts
  • 25.2 Auth: General for APIs
  • 25.3 User Authentication
  • 25.4 Auth: HTTP Basic
  • 25.5 Auth: OpenID Connect
  • 25.6 Browser Syntax Highlighting
  • 25.7 Capability Statement (metadata)
  • 25.8 Cluster Manager Subscription Messaging
  • 25.9 Cluster Manager Maintenance
  • 25.10 Cluster Manager Message Broker
  • 25.11 Cluster Manager Kafka
  • 25.12 Credentials
  • 25.13 Cross-Origin Resource Sharing (CORS)
  • 25.14 Database
  • 25.15 ETL Import: CSV Properties
  • 25.16 ETL Import: Source
  • 25.17 FHIR Binary Storage
  • 25.18 FHIR Bulk Operations
  • 25.19 FHIR Configuration
  • 25.20 FHIR Consent Service
  • 25.21 FHIR LiveBundle Service
  • 25.22 FHIR EMPI Server
  • 25.23 FHIR Endpoint Conversion
  • 25.24 FHIR Endpoint Security
  • 25.25 Interceptors
  • 25.26 FHIR Endpoint Partitioning and Multitenancy
  • 25.27 FHIR Gateway Target
  • 25.28 FHIR Gateway Cache
  • 25.29 FHIR Storage Partitioning and Multitenancy
  • 25.30 Package Registry
  • 25.31 FHIR Performance
  • 25.32 FHIR Performance Tracing
  • 25.33 FHIR Resource Types
  • 25.34 FHIR REST Endpoint
  • 25.35 FHIR Search
  • 25.36 FHIR Interceptors
  • 25.37 FHIR Subscription Persistence
  • 25.38 FHIR Subscription Delivery
  • 25.39 FHIR Validation Services
  • 25.40 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 25.41 HL7 v2.x to FHIR Mapper - General
  • 25.42 HL7 v2.x Mapper - Medications
  • 25.43 HL7 v2.x to FHIR Mapper - OBR
  • 25.44 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 25.45 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 25.46 HL7 v2.x to FHIR Mapper - PV1
  • 25.47 HL7 v2.x Listener Script
  • 25.48 HL7 v2.x MLLP Listener
  • 25.49 FHIR to HL7 v2.x Mapper Script
  • 25.50 HL7 v2.x MLLP Sender
  • 25.51 HTTP Access Log
  • 25.52 HTTP Listener
  • 25.53 HTTP Request Pool
  • 25.54 HTTP Security
  • 25.55 Hybrid Providers Definitions
  • 25.56 Initial User Seeding
  • 25.57 JSON Web KeySet (JWKS)
  • 25.58 LDAP Authentication
  • 25.59 Lucene FullText Indexing
  • 25.60 Narrative Generator
  • 25.61 OpenID Connect (OIC)
  • 25.62 Request Validating
  • 25.63 Security Inbound Script
  • 25.64 Inbound SMART on FHIR Authentication
  • 25.65 Inbound SMART on FHIR Endpoints
  • 25.66 OpenID Connect Token Validation
  • 25.67 SAML Provider
  • 25.68 OAuth2/OIDC Federation
  • 25.69 SMART Authorization
  • 25.70 SMART Definitions Seeding
  • 25.71 Sessions
  • 25.72 SMART Outbound Security: Callback Script
  • 25.73 SMART Outbound Security: CODAP
  • 25.74 SMART Outbound Security: Login Skin
  • 25.75 Two Factor Authentication
  • 25.76 TLS / SSL (Encryption)
  • 25.77 Trusted Client
  • 25.78 Trusted Client
  • 25.79 Miscellaneous Categories
    • 25.70    SMART Definitions Seeding   
       Table of Contents

    SMART Authorization

    25.69SMART Authorization

     

    The SMART Authorization configuration category includes the following configurable options:

    • Enforce Approved Scopes to Restrict Permissions

    25.69.1Property: Enforce Approved Scopes to Restrict Permissions

     
    Property Name Enforce Approved Scopes to Restrict Permissions
    Property Key
    Property Type BOOLEAN
    Description When enabled, permission will be stripped from a user's session if they are not supported by an approved SMART on FHIR scope. For example, any FHIR write permissions will be removed from a session if the user has not approved (or a client is set to auto-approve) a scope such as Patient/*.write.
    Default Value true
    Example Property 
    module.[MODULE_ID].config.enforce_approved_scopes_to_restrict_permissions = true
       25.68    OAuth2/OIDC Federation
  • Configuration Categories
  • 25.0 Web Admin Console Settings
  • 25.1 Authentication Callback Scripts
  • 25.2 Auth: General for APIs
  • 25.3 User Authentication
  • 25.4 Auth: HTTP Basic
  • 25.5 Auth: OpenID Connect
  • 25.6 Browser Syntax Highlighting
  • 25.7 Capability Statement (metadata)
  • 25.8 Cluster Manager Subscription Messaging
  • 25.9 Cluster Manager Maintenance
  • 25.10 Cluster Manager Message Broker
  • 25.11 Cluster Manager Kafka
  • 25.12 Credentials
  • 25.13 Cross-Origin Resource Sharing (CORS)
  • 25.14 Database
  • 25.15 ETL Import: CSV Properties
  • 25.16 ETL Import: Source
  • 25.17 FHIR Binary Storage
  • 25.18 FHIR Bulk Operations
  • 25.19 FHIR Configuration
  • 25.20 FHIR Consent Service
  • 25.21 FHIR LiveBundle Service
  • 25.22 FHIR EMPI Server
  • 25.23 FHIR Endpoint Conversion
  • 25.24 FHIR Endpoint Security
  • 25.25 Interceptors
  • 25.26 FHIR Endpoint Partitioning and Multitenancy
  • 25.27 FHIR Gateway Target
  • 25.28 FHIR Gateway Cache
  • 25.29 FHIR Storage Partitioning and Multitenancy
  • 25.30 Package Registry
  • 25.31 FHIR Performance
  • 25.32 FHIR Performance Tracing
  • 25.33 FHIR Resource Types
  • 25.34 FHIR REST Endpoint
  • 25.35 FHIR Search
  • 25.36 FHIR Interceptors
  • 25.37 FHIR Subscription Persistence
  • 25.38 FHIR Subscription Delivery
  • 25.39 FHIR Validation Services
  • 25.40 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 25.41 HL7 v2.x to FHIR Mapper - General
  • 25.42 HL7 v2.x Mapper - Medications
  • 25.43 HL7 v2.x to FHIR Mapper - OBR
  • 25.44 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 25.45 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 25.46 HL7 v2.x to FHIR Mapper - PV1
  • 25.47 HL7 v2.x Listener Script
  • 25.48 HL7 v2.x MLLP Listener
  • 25.49 FHIR to HL7 v2.x Mapper Script
  • 25.50 HL7 v2.x MLLP Sender
  • 25.51 HTTP Access Log
  • 25.52 HTTP Listener
  • 25.53 HTTP Request Pool
  • 25.54 HTTP Security
  • 25.55 Hybrid Providers Definitions
  • 25.56 Initial User Seeding
  • 25.57 JSON Web KeySet (JWKS)
  • 25.58 LDAP Authentication
  • 25.59 Lucene FullText Indexing
  • 25.60 Narrative Generator
  • 25.61 OpenID Connect (OIC)
  • 25.62 Request Validating
  • 25.63 Security Inbound Script
  • 25.64 Inbound SMART on FHIR Authentication
  • 25.65 Inbound SMART on FHIR Endpoints
  • 25.66 OpenID Connect Token Validation
  • 25.67 SAML Provider
  • 25.68 OAuth2/OIDC Federation
  • 25.69 SMART Authorization
  • 25.70 SMART Definitions Seeding
  • 25.71 Sessions
  • 25.72 SMART Outbound Security: Callback Script
  • 25.73 SMART Outbound Security: CODAP
  • 25.74 SMART Outbound Security: Login Skin
  • 25.75 Two Factor Authentication
  • 25.76 TLS / SSL (Encryption)
  • 25.77 Trusted Client
  • 25.78 Trusted Client
  • 25.79 Miscellaneous Categories
    • 25.70    SMART Definitions Seeding