30.18 Callback Models

This page describes various models that are available within different Smile CDR JavaScript callback functions. See individual module documentation for a description of how these objects are used.

30.18.1 AssociatedResource

This structure represents a link between a user in the auth database and a resource in the FHIR database. This can be used, for example, to specify that a particular user is a specific Patient in the CDR. That linkage can then be applied in order to make security/permission decisions.

Properties

Name Type Description
type Enumeration The relationship between the user and the resource

Options:

  • SELF
resourceId String The resource ID itself, e.g. 'Patient/123'

30.18.2 AuthenticationContext

Provides details about the context in which an authentication occurred. See onAuthenticateSuccess for information.

Properties

Name Type Description
nodeId String The node ID associated with the request
moduleId String The module ID associated with the request
startTime Date (Instant) The time at which the initial HTTP request was received
remoteAddress String The IP address of the remote party invoking the service
remoteScheme String The protocol used by the remote party to invoke the service (will generally be http or https)
headers Map<String,String> The headers associated with the request

30.18.3 AuthenticationFailure

This object represents a failed authentication attempt, and is returned by an authorization callback script.

Properties

Name Type Description
message String An optional message to describe the failure
unknownUsername Boolean Set this property to true if the failure is due to an invalid/unknown username
incorrectPassword Boolean Set this property to true if the failure is due to an invalid/incorrect password

30.18.4 AuthenticationRequest

This object contains the credentials supplied by a client for authentication purposes

Properties

Name Type Description
username String The username
password String The password
remoteAddress String The IP address of the client
headers Map<String,String> The HTTP headers associated with the request

30.18.5 CsvProcessorContext

Contains context information passed into the ETL Import module mapping script

Properties

Name Type Description
userJobType String This field can contain an arbitrary token supplied by the client that initiated the job
filename String This field can contain the filename of the specific file being imported

Functions

Name Description
lock(theKey)
Attempt to obtain and lock an arbitrary named semaphore. This can be used to guarantee that two row processors do not attempt to operate on the same underlying resource at the same time by ensuring that one completes before another attempts to commit its own transaction.

Return Type: void
Parameter theKey: The semaphore key. Can be any string.
getProcessingThreadNumber()
Returns the processing thread number. This will be an integer between 0 and the maximum number of processing threads

Return Type: Int

30.18.6 FhirEndpointTerminologyResponseMappingSpec

Defines a response terminology mapping specification for a FHIR Endpoint module

Properties

Name Type Description
systems Array<FhirEndpointTerminologyResponseMappingSpecSystem>

Example

{
  "systems" : [ {
    "sourceSystemUri" : "http://example.com/lab_codes",
    "targetSystemUri" : "http://loinc.org"
  }, {
    "sourceSystemUri" : "http://example.com/anatomy",
    "targetSystemUri" : "http://snomed.info"
  } ]
}

30.18.7 FhirEndpointTerminologyResponseMappingSpecSystem

A code system entry for a FhirEndpointTerminologyResponseMappingSpec object

Properties

Name Type Description
sourceSystemUri String
targetSystemUri String

30.18.8 GatewayConfiguration

This is the outer document element containing configuration for the Smile CDR FHIR Gateway module.

Properties

Name Type Description
targets Array<GatewayTarget>
searchRoutes Array<GatewaySearchRoute>
readRoutes Array<GatewayReadRoute>
operationRoutes Array<GatewayOperationRoute>

Example

{
  "targets" : [ {
    "id" : "target1",
    "baseUrl" : "http://fhir1.example.com/api",
    "resourceIdPrefix" : "TGT1-"
  }, {
    "id" : "target2",
    "baseUrl" : "http://fhir2.example.com/api",
    "resourceIdPrefix" : "TGT2-"
  } ],
  "searchRoutes" : [ {
    "id" : "route1",
    "resourceTypes" : [ "Observation", "Patient", "Encounter" ],
    "targets" : [ {
      "targetId" : "target1"
    }, {
      "targetId" : "target2"
    } ],
    "parallel" : true
  } ]
}

30.18.9 GatewayOperation

Defines a FHIR operation that can be called through the Smile CDR Gateway

Properties

Name Type Description
name String The name of the FHIR operation
system Boolean This operation can be called at the system level
type Boolean This operation can be called on a FHIR resource type
instance Boolean This operation can be called on a FHIR resource instance

30.18.10 GatewayOperationRoute

Defines a Smile CDR FHIR Gateway route that services FHIR operations

Properties

Name Type Description
operations Array<GatewayOperation> The operations that this route applies to
id String A unique ID for this route
resourceTypes Array<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

30.18.11 GatewayReadRoute

Defines a Smile CDR FHIR Gateway route that services FHIR read and vread operations

Properties

Name Type Description
id String A unique ID for this route
resourceTypes Array<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

30.18.12 GatewayRouteTarget

Defines a target association for a Smile CDR FHIR Gateway route

Properties

Name Type Description
targetId String The ID of the target server

30.18.13 GatewaySearchRoute

Defines a Smile CDR FHIR Gateway route that services FHIR search operations

Properties

Name Type Description
id String A unique ID for this route
resourceTypes Array<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

30.18.14 GatewayTarget

Contains the definition for an individual Smile CDR FHIR Gateway target server

Properties

Name Type Description
id String An internal ID for the target server
baseUrl String The base URL for the target server
httpBasicCredentials String If specified, these credentials (in the form username:password) will be passed in all client requests to the target server
connectTimeoutMillis Int Specifies a connection timeout (in millis) to use for communication with the target server. Default is 60000
socketTimeoutMillis Int Specifies a socket timeout (in millis) to use for communication with the target server. Default is 60000
resourceIdPrefix String If specified, provides a prefix that will be added to all resource IDs and local references for the target server before returning to the client
useHttpPostForAllSearches Boolean If set to true, FHIR search operations against the target server will be performed using an HTTP POST instead of a GET. Default is false
serverCapabilityStatementValidationEnabled Boolean If set to false, FHIR Gateway will not validate the target server's CapabilityStatement with a request to /metadata. Default is true
headersToForward Array<String> Any headers specified by name will be copied from the incoming client request and added to requests to the target server
allowedToFail Boolean If set to true, FHIR search operations against the target server that fail will not return an error to the client, unless all targets for a given request have failed. This flag does not apply to read routes. Default is false
forcedEncoding Enumeration If set, any requests containing a payload will have their payload re-encoded to the defined content-type before being forwarded to the target server

Options:

  • JSON
  • RDF
  • XML
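
The GatewayTarget and route properties above can be checked statically before a configuration is deployed. The following is an added example, not Smile CDR code: the rule names and the sample configuration are constructed, and only the documented property names are taken from this page.

```javascript
// Added example: static checks over a GatewayConfiguration document.
// Rule names and SAMPLE_CONFIG are constructed for illustration; the property
// names are the ones documented for GatewayTarget and the route types above.

const SENSITIVE_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie']);
const ROUTE_KINDS = ['searchRoutes', 'readRoutes', 'operationRoutes'];

function lintGatewayConfig(config) {
  const findings = [];
  const add = (rule, where, detail) => findings.push({ rule, where, detail });
  const targets = config.targets || [];
  const knownIds = new Set(targets.map((t) => t.id));

  for (const t of targets) {
    const where = `targets[${t.id}]`;
    let scheme = null;
    try {
      scheme = new URL(t.baseUrl).protocol;
    } catch (e) {
      add('invalid-base-url', where, `baseUrl is not an absolute URL: ${t.baseUrl}`);
    }

    // HTTP Basic credentials are only base64-encoded, so over plain http they
    // are readable on the network path on every forwarded request.
    if (scheme === 'http:' && t.httpBasicCredentials) {
      add('basic-credentials-over-http', where, 'httpBasicCredentials sent to an http:// baseUrl');
    } else if (scheme === 'http:') {
      add('cleartext-target', where, 'FHIR traffic to this target is not encrypted');
    }

    // Forwarded headers hand the caller's own credentials to the target server.
    for (const h of t.headersToForward || []) {
      if (SENSITIVE_HEADERS.has(String(h).toLowerCase())) {
        add('sensitive-header-forwarded', where, `client header "${h}" is copied to the target`);
      }
    }

    if (t.serverCapabilityStatementValidationEnabled === false) {
      add('capability-validation-disabled', where, 'target /metadata is not validated');
    }
    // Failed searches on this target are hidden unless every target fails.
    if (t.allowedToFail === true) {
      add('partial-results-possible', where, 'search results may silently omit this target');
    }
  }

  // Every route target must point at a defined GatewayTarget id.
  for (const kind of ROUTE_KINDS) {
    for (const route of config[kind] || []) {
      for (const rt of route.targets || []) {
        if (!knownIds.has(rt.targetId)) {
          add('unknown-target', `${kind}[${route.id}]`, `no target with id "${rt.targetId}"`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the shape of the page's example with risky settings added.
const SAMPLE_CONFIG = {
  targets: [
    {
      id: 'target1',
      baseUrl: 'http://fhir1.example.com/api',
      resourceIdPrefix: 'TGT1-',
      httpBasicCredentials: 'svc-user:PLACEHOLDER',
      headersToForward: ['Authorization', 'X-Request-Id'],
    },
    {
      id: 'target2',
      baseUrl: 'https://fhir2.example.com/api',
      resourceIdPrefix: 'TGT2-',
      serverCapabilityStatementValidationEnabled: false,
      allowedToFail: true,
    },
  ],
  searchRoutes: [
    {
      id: 'route1',
      resourceTypes: ['Observation', 'Patient', 'Encounter'],
      targets: [{ targetId: 'target1' }, { targetId: 'target3' }],
      parallel: true,
    },
  ],
};

for (const f of lintGatewayConfig(SAMPLE_CONFIG)) {
  console.log(`${f.rule}\t${f.where}\t${f.detail}`);
}
```

Forwarding an Authorization header or allowing a target to fail can be intentional; the findings mark settings to review rather than errors.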

30.18.15 GrantedAuthority

A granted authority is a single user authority (permission) that has been granted to a user. This authority has a permission name, and optionally an argument.

Properties

Name Type Description
permission Enumeration The name of the permission. See permissions for information on available permissions.

Options:

  • ACCESS_ADMIN_JSON
  • ACCESS_ADMIN_WEB
  • ACCESS_FHIRWEB
  • ACCESS_FHIR_ENDPOINT
  • AG_ADMIN_CONSOLE_READ
  • AG_ADMIN_CONSOLE_WRITE
  • AG_DEV_PORTAL_READ
  • AG_DEV_PORTAL_WRITE
  • ARCHIVE_MODULE
  • CHANGE_OWN_DEFAULT_LAUNCH_CONTEXTS
  • CHANGE_OWN_PASSWORD
  • CHANGE_OWN_TFA_KEY
  • CONTROL_MODULE
  • CREATE_CDA_TEMPLATE
  • CREATE_MODULE
  • CREATE_USER
  • DELETE_CDA_TEMPLATE
  • DOCREF
  • EMPI_ADMIN
  • EMPI_UPDATE_MATCH_RULES
  • EMPI_VIEW_MATCH_RULES
  • ETL_IMPORT_PROCESS_FILE
  • FHIR_ACCESS_PARTITION_ALL
  • FHIR_ACCESS_PARTITION_NAME
  • FHIR_ALL_DELETE
  • FHIR_ALL_READ
  • FHIR_ALL_WRITE
  • FHIR_BATCH
  • FHIR_CAPABILITIES
  • FHIR_DELETE_ALL_IN_COMPARTMENT
  • FHIR_DELETE_ALL_OF_TYPE
  • FHIR_DELETE_CASCADE_ALLOWED
  • FHIR_DELETE_EXPUNGE
  • FHIR_DELETE_TYPE_IN_COMPARTMENT
  • FHIR_EMPI_ADMIN
  • FHIR_EXPUNGE_DELETED
  • FHIR_EXPUNGE_EVERYTHING
  • FHIR_EXPUNGE_PREVIOUS_VERSIONS
  • FHIR_EXTENDED_OPERATION_ON_ANY_INSTANCE_OF_TYPE
  • FHIR_EXTENDED_OPERATION_ON_SERVER
  • FHIR_EXTENDED_OPERATION_ON_TYPE
  • FHIR_GET_RESOURCE_COUNTS
  • FHIR_GRAPHQL
  • FHIR_LIVEBUNDLE
  • FHIR_MANAGE_PARTITIONS
  • FHIR_MANUAL_VALIDATION
  • FHIR_MDM_ADMIN
  • FHIR_META_OPERATIONS_SUPERUSER
  • FHIR_MODIFY_SEARCH_PARAMETERS
  • FHIR_OP_BINARY_ACCESS_READ
  • FHIR_OP_BINARY_ACCESS_WRITE
  • FHIR_OP_CQL_EVALUATE_MEASURE
  • FHIR_OP_EMPI_CLEAR
  • FHIR_OP_EMPI_DUPLICATE_PERSONS
  • FHIR_OP_EMPI_MERGE_PERSONS
  • FHIR_OP_EMPI_QUERY_LINKS
  • FHIR_OP_EMPI_SUBMIT
  • FHIR_OP_EMPI_UPDATE_LINK
  • FHIR_OP_ENCOUNTER_EVERYTHING
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT_GROUP
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT_PATIENT
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT_SYSTEM
  • FHIR_OP_MDM_CLEAR
  • FHIR_OP_MDM_DUPLICATE_GOLDEN_RESOURCES
  • FHIR_OP_MDM_MERGE_GOLDEN_RESOURCES
  • FHIR_OP_MDM_NOT_DUPLICATE
  • FHIR_OP_MDM_QUERY_LINKS
  • FHIR_OP_MDM_SUBMIT
  • FHIR_OP_MDM_UPDATE_LINK
  • FHIR_OP_PATIENT_EVERYTHING
  • FHIR_OP_PATIENT_MATCH
  • FHIR_OP_STRUCTUREDEFINITION_SNAPSHOT
  • FHIR_PATCH
  • FHIR_PROCESS_MESSAGE
  • FHIR_READ_ALL_IN_COMPARTMENT
  • FHIR_READ_ALL_OF_TYPE
  • FHIR_READ_INSTANCE
  • FHIR_READ_SEARCH_PARAMETERS
  • FHIR_READ_TYPE_IN_COMPARTMENT
  • FHIR_TRANSACTION
  • FHIR_TRIGGER_SUBSCRIPTION
  • FHIR_UPLOAD_EXTERNAL_TERMINOLOGY
  • FHIR_WRITE_ALL_IN_COMPARTMENT
  • FHIR_WRITE_ALL_OF_TYPE
  • FHIR_WRITE_INSTANCE
  • FHIR_WRITE_TYPE_IN_COMPARTMENT
  • INVOKE_CDS_HOOKS
  • MANAGE_BATCH_JOBS
  • MDM_ADMIN
  • MDM_UPDATE_MATCH_RULES
  • MDM_VIEW_MATCH_RULES
  • MODULE_ADMIN
  • OPENID_CONNECT_ADD_CLIENT
  • OPENID_CONNECT_ADD_SERVER
  • OPENID_CONNECT_EDIT_CLIENT
  • OPENID_CONNECT_EDIT_SERVER
  • OPENID_CONNECT_MANAGE_GLOBAL_SESSIONS
  • OPENID_CONNECT_VIEW_CLIENT_LIST
  • OPENID_CONNECT_VIEW_SERVER_LIST
  • PACKAGE_REGISTRY_READ
  • PACKAGE_REGISTRY_WRITE
  • REINSTATE_MODULE
  • ROLE_ANONYMOUS
  • ROLE_FHIR_CLIENT
  • ROLE_FHIR_CLIENT_SUPERUSER
  • ROLE_FHIR_CLIENT_SUPERUSER_RO
  • ROLE_FHIR_TERMINOLOGY_READ_CLIENT
  • ROLE_SUPERUSER
  • ROLE_SYSTEM
  • ROLE_SYSTEM_INITIALIZATION
  • SAVE_USER
  • START_STOP_MODULE
  • UPDATE_MODULE_CONFIG
  • UPDATE_USER
  • USE_CDA_TEMPLATE
  • VIEW_AUDIT_LOG
  • VIEW_BATCH_JOBS
  • VIEW_CDA_TEMPLATE
  • VIEW_METRICS
  • VIEW_MODULE_CONFIG
  • VIEW_MODULE_STATUS
  • VIEW_TRANSACTION_LOG
  • VIEW_TRANSACTION_LOG_EVENT
  • VIEW_USERS
argument String The argument for this authority. Note that some permissions do not take an argument while others require an argument. Consult the permission documentation for more information.

30.18.16 Hl7V2GeneratedMessageContext

Contains details about a converted/generated HL7 v2.x message

30.18.17 Hl7V2ReceivedMessage

Contains a received HL7 v2.x Message

Properties

Name Type Description
received Date (Instant) The time at which this message was received
rawMessage HL7 v2.x Message The actual HL7 message that was received
controlId String The message control ID (MSH-10)
sendingPort Int The port on the remote system from which the message was sent
sendingPort String The host IP of the remote system from which the message was sent
transactionPid Long The PID assigned to this transaction by the transaction log

30.18.18 Hl7V2ReceivedMessageConversionResult

Contains the result of an HL7 v2.x message runtime mapping or the conversion outcome of an HL7 v2.x message (into a FHIR payload)

Properties

Name Type Description
doNotProcess Boolean A flag to indicate whether or not a given message should be processed
transactionBundles Array<FHIR Resource> An array of Bundle resources containing transactions to be submitted to the FHIR server

Functions

Name Description
addMessage(thePath, theMessageLevel, theIssue)
This method adds a message to the conversion result. Acceptable message levels are INFO, WARNING, and ERROR

Return Type: void
Parameter thePath: The path within the message where the issue was detected
Parameter theMessageLevel: The issue error level, e.g. 'INFO', 'WARNING', or 'ERROR'.
Parameter theIssue: The description of the issue

30.18.19 LaunchContext

Represents a SMART launch context that has been assigned to a specific user session

Properties

Name Type Description
contextType String The launch context type, e.g. "patient" (note the lack of capitalization in SMART launch scope types)
resourceId String The launch context resource ID, e.g. "123" (note that the resource type is not included in the ID)

30.18.20 LaunchResourceId

This structure represents a link between a user in the auth database and a resource in the FHIR database. This can be used, for example, to specify that a particular user is a specific Patient in the CDR. That linkage can then be applied in order to make security/permission decisions.

Properties

Name Type Description
resourceType String The resource type, e.g. 'Patient'
resourceId String The resource ID, e.g. '123'

30.18.21 OAuth2AuthorizationRequestDetails

Contains details about an OAuth2/OIDC request in progress

Properties

Name Type Description
state String Contains the value of the state URL parameter from the initial OAuth2 authorization request
launch String Contains the value of the launch URL parameter from the initial OAuth2 authorization request
clientId String Contains the authorizing client ID

Functions

Name Description
addAccessTokenClaim(theName, theValue)
Add additional claims to the generated access token

Return Type: void
Parameter theName: The claim name
Parameter theValue: The claim value

30.18.22 OAuth2Client

Represents an OpenID Connect client

Properties

Name Type Description
moduleId String The Module ID that this client is registered against
nodeId String The Node ID that this client is registered against
pid Long The internal ID for this client.
accessTokenValiditySeconds Int The number of seconds that an access token should be valid once it has been created.
allowedGrantTypes Array<Enumeration> The grant types that this client is permitted to perform. See Authorization Flows for a description of the possible flows.

Options:

  • AUTHORIZATION_CODE
  • CLIENT_CREDENTIALS
  • IMPLICIT
  • JWT_BEARER
  • PASSWORD
  • REFRESH_TOKEN
autoApproveScopes Array<String> Scopes listed here will be automatically approved if requested by the client during the initial authorization request, without requiring the user to explicitly accept them.
autoGrantScopes Array<String> Scopes listed here will be automatically granted during every successful authorization by this client. These scopes do not have to be explicitly requested by the client during the initial authorization request.
clientId String The Client ID (corresponds to the iss field in many OAuth2 exchanges).
clientName String A human friendly description/name for the client.
clientSecrets Array<OAuth2ClientSecret> Optionally contains client secrets to be used by the client in some grant types.
fixedScope Boolean Is this client fixed scope? When authorizing a fixed scope client, the list of scopes requested in the initial authorization request will be ignored, and the complete list of scopes in the Scope property will be assumed. If these scopes are not listed as Auto-Approve, the user will still be required to approve them.
refreshTokenValiditySeconds Int The number of seconds that a refresh token will be valid for.
registeredRedirectUris Array<String> The allowable redirect URIs that may be requested.
scopes Array<String> A list of OAuth2 scopes that the client is allowed to request user approval for.
secretRequired Boolean Is the client secret required in order to authenticate this client?
secretClientCanChange Boolean Can the client change their own secret?
enabled Boolean Is the client enabled?
canIntrospectOwnTokens Boolean Can this client perform token introspection on tokens that it issued?
canIntrospectAnyTokens Boolean Can this client perform token introspection on any tokens issued by the security module it is registered against?
alwaysRequireApproval Boolean Should the user approval page be displayed even if the client has not requested any scopes that require user approval?
canReissueTokens Boolean Can the OAuth2 server reissue tokens that have been previously issued for this client, if the token request is the same (e.g. for the same user, requesting the same scopes, etc.) and the token is not close to expiry?
permissions Array<GrantedAuthority> Any permission that should be granted directly to the client when it authenticates using the Client Credentials Grant.
rememberApprovedScopes Boolean When a user performs an OAuth2 authentication/authorization flow for this client, should their approved scopes be remembered the next time they authenticate?
attestationAccepted Boolean Has the client developer attested to the policy?
publicJwks String The public JWKS Keystore for this client. Used when the client authenticates using a bearer token.

Functions

Name Description
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
Parameter theArgument: The argument associated with this permission

30.18.23 OAuth2ClientSecret

A client secret for an OAuth2 client

Properties

Name Type Description
pid Long
secret String
description String
expiration Date (Instant)
activation Date (Instant)

30.18.24 OAuth2Clients

A collection of OAuth2 clients

Properties

Name Type Description
clients Array<OAuth2Client>
pageIndex Int
totalPages Int

Example

{
  "clients" : [ {
    "clientId" : "my-client-id",
    "clientName" : "Sample Client",
    "enabled" : false,
    "allowedGrantTypes" : [ "AUTHORIZATION_CODE", "REFRESH_TOKEN" ],
    "alwaysRequireApproval" : false,
    "attestationAccepted" : false,
    "canIntrospectAnyTokens" : false,
    "canIntrospectOwnTokens" : false,
    "canReissueTokens" : false,
    "clientSecrets" : [ {
      "secret" : "THIS_IS_A_CLIENT_SECRET",
      "expiration" : "2022-07-26T16:33:39.901+00:00",
      "activation" : "2021-07-26T16:33:39.901+00:00"
    } ],
    "fixedScope" : false,
    "registeredRedirectUris" : [ "http://example.com/app-redirect" ],
    "rememberApprovedScopes" : false,
    "scopes" : [ "openid", "patient/*.read", "profile" ],
    "secretClientCanChange" : false,
    "secretRequired" : true
  } ],
  "pageIndex" : 0,
  "totalPages" : 0
}
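
Several OAuth2Client properties directly widen or narrow what a registered client can do, so a client list in the format above can be reviewed mechanically. The following is an added example, not Smile CDR code: the rule names, the second sample client and the evaluation date are constructed, and the legacy-grant rule reflects the OAuth 2.0 Security Best Current Practice, which advises against the implicit and password grants.

```javascript
// Added example: review an OAuth2Clients document for settings that widen exposure.
// Rule names, SAMPLE_CLIENTS and SAMPLE_NOW are constructed; property names are
// the OAuth2Client / OAuth2ClientSecret fields documented above.

const LEGACY_GRANTS = new Set(['IMPLICIT', 'PASSWORD']);
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function auditOAuth2Clients(doc, now) {
  const findings = [];
  for (const c of doc.clients || []) {
    const add = (rule, detail) =>
      findings.push({ clientId: c.clientId, enabled: c.enabled === true, rule, detail });
    const grants = c.allowedGrantTypes || [];

    for (const g of grants) {
      if (LEGACY_GRANTS.has(g)) add('legacy-grant-type', `${g} grant is allowed`);
    }

    for (const uri of c.registeredRedirectUris || []) {
      let parsed;
      try {
        parsed = new URL(uri);
      } catch (e) {
        add('invalid-redirect-uri', uri);
        continue;
      }
      // Authorization responses sent to a non-loopback http:// URI cross the network unencrypted.
      if (parsed.protocol === 'http:' && !LOOPBACK_HOSTS.has(parsed.hostname)) {
        add('insecure-redirect-uri', uri);
      }
    }

    // Heuristic: a client-credentials client with neither a required secret nor a JWKS.
    if (grants.includes('CLIENT_CREDENTIALS') && c.secretRequired !== true && !c.publicJwks) {
      add('unauthenticated-client-credentials', 'no secret required and no publicJwks');
    }

    // Report secrets by position only; never copy the secret value into a finding.
    (c.clientSecrets || []).forEach((s, i) => {
      if (!s.expiration) {
        add('secret-without-expiry', `clientSecrets[${i}]`);
      } else if (new Date(s.expiration) <= now) {
        add('expired-secret', `clientSecrets[${i}] expired ${s.expiration}`);
      }
    });

    if (c.canIntrospectAnyTokens === true) {
      add('broad-introspection', 'can introspect any token issued by its security module');
    }
    // Auto-approved scopes skip the user consent step, so wildcards deserve review.
    for (const scope of c.autoApproveScopes || []) {
      if (scope.includes('*')) add('auto-approved-wildcard-scope', scope);
    }
    for (const p of c.permissions || []) {
      if (p.permission === 'ROLE_SUPERUSER') {
        add('superuser-client', 'ROLE_SUPERUSER granted via client credentials');
      }
    }
  }
  return findings;
}

// Constructed sample: the page's example client plus a deliberately weak second one.
const SAMPLE_CLIENTS = {
  clients: [
    {
      clientId: 'my-client-id',
      enabled: false,
      allowedGrantTypes: ['AUTHORIZATION_CODE', 'REFRESH_TOKEN'],
      clientSecrets: [
        { secret: 'THIS_IS_A_CLIENT_SECRET', expiration: '2022-07-26T16:33:39.901+00:00' },
      ],
      registeredRedirectUris: ['http://example.com/app-redirect'],
      scopes: ['openid', 'patient/*.read', 'profile'],
      secretRequired: true,
    },
    {
      clientId: 'backend-service',
      enabled: true,
      allowedGrantTypes: ['CLIENT_CREDENTIALS', 'PASSWORD'],
      clientSecrets: [{ secret: 'PLACEHOLDER' }],
      registeredRedirectUris: ['http://localhost:8080/cb'],
      autoApproveScopes: ['patient/*.read'],
      canIntrospectAnyTokens: true,
      secretRequired: false,
      permissions: [{ permission: 'ROLE_SUPERUSER' }],
    },
  ],
  pageIndex: 0,
  totalPages: 0,
};
const SAMPLE_NOW = new Date('2023-01-01T00:00:00Z');

for (const f of auditOAuth2Clients(SAMPLE_CLIENTS, SAMPLE_NOW)) {
  console.log(`${f.clientId}\t${f.enabled ? 'enabled' : 'disabled'}\t${f.rule}\t${f.detail}`);
}
```

Disabled clients are still reported, with `enabled` carried on each finding so that results can be prioritised.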

30.18.25 OAuth2Server

An OAuth2/OpenID Connect server definition

Properties

Name Type Description
pid Long The internal persistence ID for this provider.
name String A user friendly name/description of this provider.
issuer String The issuer URL.
tokenIntrospectionClientId String The client ID to use when performing token introspection against this provider.
tokenIntrospectionClientSecret String The client secret to use when performing token introspection against this provider.
nodeId String The Node ID for the security module that this definition applies to.
moduleId String The security Module ID that this definition applies to.
validationJwkText String A JSON document containing the JWK Set containing the public key used to validate signed tokens issued by this server. This is not required for federated server definitions but is required otherwise.
validationJwkFile String A local file path / classpath to use to supply the JWK Set containing the public key used to validate signed tokens issued by this server. This field applies only to non-federated providers.
federationRegistrationId String A unique identifier for the federation between Smile CDR and the federated provider. If this is left blank, a unique value will be automatically created by Smile CDR. You may choose to use a more descriptive value however, as it will appear in URLs and log statements. Since this value will appear in URL paths, only letters and numbers should be used with no whitespace.
federationRequestScopes String When requesting authorization against the federated provider, this setting controls which OAuth2 scopes will be requested. Note that the scopes requested by the security module from the federated provider are independent from the scopes requested by the SMART application that is authorizing against Smile CDR. In a typical flow, a SMART on FHIR application will request SMART scopes from Smile CDR, and Smile CDR will in turn request a different set of appropriate scopes from the federated provider.
federationAuthorizationUrl String The URL to redirect the requesting user to in order to request user authentication/authorization with the federated provider.
federationTokenUrl String The service URL used by the SMART Outbound Security module for code exchange when requesting a token from the federated provider.
federationUserInfoUrl String The service URL used by the SMART Outbound Security module for requesting user details.
federationJwkSetUrl String The URL from which to obtain the federated provider's token signing public key.
federationAuthScriptText String When using Federated OAuth2/OIDC Login, a script is used to bridge between the user authorization details received from the federated provider and the requested authorization details in the originating SMART on FHIR application. This script is used to assign appropriate permissions and inject any other required details into the user session. It may obtain all required information by inspecting the access token details, or it may make additional service calls to fetch information.

30.18.26 OAuth2Servers

A collection of OAuth2/OpenID Connect server definitions

Properties

Name Type Description
servers Array<OAuth2Server>
pageIndex Int
totalPages Int

Example

{
  "servers" : [ {
    "issuer" : "http://idp.example.com",
    "name" : "Acme Identity Provider Corp",
    "tokenIntrospectionClientId" : "my-client-id",
    "tokenIntrospectionClientSecret" : "THIS_IS_A_CLIENT_SECRET"
  } ],
  "pageIndex" : 0,
  "totalPages" : 0
}

30.18.27 OAuth2SmartContextSelectionChoicePerson

A person to use as an option for context selection.

Properties

Name Type Description
familyName String
givenName String
birthDate String The birth date associated with this person. Note that this element is treated as a freetext string, and any format is accepted.
userData Map<String,Object> The user data for this person.
id String A unique ID for the person entry. This property is set automatically and can not be changed.
associatedPatientContextResourceId String
associatedAuthorities Array<GrantedAuthority>

Functions

Name Description
clearUserData(theName)
Clear all user data.

Return Type: void
Parameter theName: The user data attribute name
setUserDataINN(theName, theValue)
Sets a user supplied data value in the session if value is not null.

Return Type: void
Parameter theName: The user data attribute name
Parameter theValue: The attribute value
hasUserData(theName)
Has user data for name been set?

Return Type: Boolean
Parameter theName: The user data attribute name
getUserString(theName)
Get a user supplied data value as a string (converting if needed) or null if unset.

Return Type: String
Parameter theName: The user data attribute name
getUserInt(theName)
Get a user supplied data value as an integer, converting null/unset to 0.

Return Type: Int
Parameter theName: The user data attribute name
setUserData(theName, theValue)
Sets a user supplied data value in the session.

Return Type: void
Parameter theName: The user data attribute name
Parameter theValue: The attribute value
getUserData(theName)
Get a user supplied data value.

Return Type: Object
Parameter theName: The user data attribute name
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
Parameter theArgument: The argument associated with this permission

30.18.28 OAuth2SmartContextSelectionChoices

This object represents a set of context choices that can be selected from by a user authorizing an app via the SMART Outbound Security module.

Properties

Name Type Description
persons Array<OAuth2SmartContextSelectionChoicePerson> persons

Functions

Name Description
haveChoices()
Returns true if one or more persons has been added to this object

Return Type: Boolean
addPerson()
Adds and returns a person object

Return Type: OAuth2SmartContextSelectionChoicePerson

30.18.29 Oauth2InvalidateTokensResponseJson

Response object when invalidating OpenID Connect tokens

Properties

Name Type Description
accessTokenCount Int The count of invalidated access tokens
refreshTokenCount Int The count of invalidated refresh tokens

30.18.30 PackageInstallationSpec

Defines a set of instructions for package installation

Properties

Name Type Description
packageUrl String The direct package URL
name String The NPM package Name
version String The direct package version
installMode Enumeration Should resources from this package be extracted from the package and installed into the repository individually

Options:

  • STORE_AND_INSTALL
  • STORE_ONLY
installResourceTypes Array<String> If resources are being installed individually, this list provides the resource types to install. By default, all conformance resources will be installed.
fetchDependencies Boolean Should dependencies be automatically resolved, fetched and installed with the same settings

Example

{
  "name" : "hl7.fhir.us.core",
  "version" : "3.1.0",
  "installMode" : "STORE_ONLY",
  "fetchDependencies" : true
}

Example

{
  "name" : "com.example.my-resources",
  "version" : "1.0",
  "packageUrl" : "classpath:/my-resources.tgz",
  "installMode" : "STORE_AND_INSTALL",
  "installResourceTypes" : [ "Organization", "Medication", "PlanDefinition", "SearchParameter" ],
  "fetchDependencies" : false
}

30.18.31 PartitionDefinition

A partition definition

Properties

Name Type Description
id Int
name String
description String

30.18.32 PartitionDefinitions

A collection of partition definitions

Properties

Name Type Description
partitions Array<PartitionDefinition>

Example

{
  "partitions" : [ {
    "id" : 1,
    "name" : "Partition-A",
    "description" : "The first partition"
  }, {
    "id" : 2,
    "name" : "Partition-B",
    "description" : "The second partition"
  } ]
}

30.18.33 RequestDetailsJson

This object contains details about a FHIR request at runtime

Properties

Name Type Description
approvedScopes Array<String>
tenantId String
compartmentName String
completeUrl String
fhirServerBase String
id String
operation String
requestPath String
requestType Enumeration

Options:

  • CONNECT
  • DELETE
  • GET
  • HEAD
  • OPTIONS
  • PATCH
  • POST
  • PUT
  • TRACE
  • TRACK
resourceName String
respondGzip Boolean
restOperationType Enumeration

Options:

  • ADD_TAGS
  • BATCH
  • CREATE
  • DELETE
  • DELETE_TAGS
  • EXTENDED_OPERATION_INSTANCE
  • EXTENDED_OPERATION_SERVER
  • EXTENDED_OPERATION_TYPE
  • GET_PAGE
  • GET_TAGS
  • GRAPHQL_REQUEST
  • HISTORY_INSTANCE
  • HISTORY_SYSTEM
  • HISTORY_TYPE
  • META
  • METADATA
  • META_ADD
  • META_DELETE
  • PATCH
  • READ
  • SEARCH_SYSTEM
  • SEARCH_TYPE
  • TRANSACTION
  • UPDATE
  • VALIDATE
  • VREAD
secondaryOperation String
subRequest Boolean

Functions

Name Description
getParameters(arg0)
Returns an array of URL values for the given parameter

Return Type: Array<String>
Parameter arg0: theParameterName
getHeader(arg0)
Returns an array of HTTP header values for the given key

Return Type: Array<String>
Parameter arg0: theHeaderName

30.18.34 ScriptAuthenticationOutcomeFactory

This object is used by authorization scripts to create success or failure objects to be returned by the script function.

Functions

Name Description
newSuccess()
This method creates a successful response that can be populated by the script, and then returned by the function.

Return Type: UserSessionDetails
newFailure()
This method creates a failure response that can be populated by the script, and then returned by the function.

Return Type: AuthenticationFailure

30.18.35 ScriptConsentContextServices

This object is passed to consent services scripts to provide context services

Functions

Name Description
proceed()
Advise the consent service that this operation should proceed (i.e. the operation will not be rejected, and the consent service will continue to evaluate)

Return Type: void
reject()
Advise the consent service that this operation should be rejected

Return Type: void
authorized()
Advise the consent service that this operation should be authorized (i.e. no further checking should occur)

Return Type: void

30.18.36 SecurityInLdapAuthenticationContext

Provides details and functions around the context of an authentication using the LDAP Inbound Security module. Objects of this type inherit all properties of their ancestor type AuthenticationContext.

Properties

Name Type Description
nodeId String The node ID associated with the request
moduleId String The module ID associated with the request
startTime Date (Instant) The time at which the initial HTTP request was received
remoteAddress String The IP address of the remote party invoking the service
remoteScheme String The protocol used by the remote party to invoke the service (will generally be http or https)
headers Map<String,String> The headers associated with the request

Functions

Name Description
getStringAttributes(theAttributeName)
Fetch string attribute values for the given attribute name in LDAP for the authenticated user

Return Type: Array<String>
Parameter theAttributeName: The LDAP attribute name
queryStringAttributes(theAttributeName)
Query string attribute values for the given attribute name in LDAP for the authenticated user. Useful for fetching dynamic attributes not loaded during the authentication bind.

Return Type: Array<String>
Parameter theAttributeName: The LDAP attribute name
isMemberOfGroup(theGroupDn, theMemberAttribute)
Return true if the authenticated user is in the given group

Return Type: Boolean
Parameter theGroupDn: The fully qualified LDAP Group DN
Parameter theMemberAttribute: The LDAP user attribute to use to indicate group membership
isMemberOfGroup(theGroupDn)
Return true if the authenticated user is in the given group, using member as the membership attribute

Return Type: Boolean
Parameter theGroupDn: The fully qualified LDAP Group DN
isMemberOfGroup(theGroupDn, theMemberAttribute, theSearchBaseDn)
Return true if the authenticated user is in the given group. LDAP static groups with object class groupOfNames use member to enumerate members; this is the default value for theMemberAttribute. If the group is defined differently (e.g. groupOfUniqueNames uses uniqueMember), pass that attribute name as theMemberAttribute. Use theSearchBaseDn to (optionally) scope the search for groups.

Return Type: Boolean
Parameter theGroupDn: The fully qualified LDAP Group DN
Parameter theMemberAttribute: The LDAP user attribute to use to indicate group membership
Parameter theSearchBaseDn: The LDAP base DN to search
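
The following is an added example, not code from the Smile CDR documentation: a callback that maps LDAP group membership to permissions and fails closed when the user is in no recognized group. The onAuthenticateSuccess signature, the group DNs, the FHIR_ALL_READ permission name and the stand-in objects at the bottom are assumptions made so the sketch runs outside Smile CDR.

```javascript
// Constructed group DNs (placeholders, not values from the documentation).
const CLINICIANS = 'cn=clinicians,ou=groups,dc=example,dc=org'; // groupOfNames
const AUDITORS = 'cn=auditors,ou=groups,dc=example,dc=org';     // groupOfUniqueNames
const GROUP_BASE = 'ou=groups,dc=example,dc=org';

// Assumed signature: theOutcome is used as a UserSessionDetails, theContext
// as a SecurityInLdapAuthenticationContext.
function onAuthenticateSuccess(theOutcome, theOutcomeFactory, theContext) {
  let matched = false;
  // groupOfNames: the default membership attribute (member) applies.
  if (theContext.isMemberOfGroup(CLINICIANS)) {
    theOutcome.addAuthority('ROLE_FHIR_CLIENT');
    matched = true;
  }
  // groupOfUniqueNames: the attribute must be named, or the check is false.
  if (theContext.isMemberOfGroup(AUDITORS, 'uniqueMember', GROUP_BASE)) {
    theOutcome.addAuthority('ROLE_FHIR_CLIENT');
    theOutcome.addAuthority('FHIR_ALL_READ'); // assumed permission name
    matched = true;
  }
  if (!matched) {
    // Fail closed: a valid LDAP bind alone grants nothing.
    const failure = theOutcomeFactory.newFailure();
    failure.message = 'User is not in an authorized LDAP group';
    return failure;
  }
  return theOutcome;
}

// ---- Constructed stand-ins so the callback runs outside Smile CDR ----
function fakeLdapContext(userDn, groups) {
  return {
    isMemberOfGroup(theGroupDn, theMemberAttribute = 'member', theSearchBaseDn) {
      const group = groups[theGroupDn];
      if (!group) return false;
      if (theSearchBaseDn && !theGroupDn.endsWith(theSearchBaseDn)) return false;
      return (group[theMemberAttribute] || []).includes(userDn);
    },
  };
}
function fakeLdapSession() {
  const granted = new Set();
  return { addAuthority: (p) => granted.add(p), hasAuthority: (p) => granted.has(p) };
}
const fakeFactory = { newFailure: () => ({ message: null }) };
const DIRECTORY = {
  [CLINICIANS]: { member: ['uid=alice,ou=people,dc=example,dc=org'] },
  [AUDITORS]: { uniqueMember: ['uid=bob,ou=people,dc=example,dc=org'] },
};
function login(userDn) {
  const ctx = fakeLdapContext(userDn, DIRECTORY);
  return onAuthenticateSuccess(fakeLdapSession(), fakeFactory, ctx);
}
```
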

30.18.37SecurityInSmartAuthenticationContext

 

Provides the context for the onAuthenticateSuccess callback method on the SMART Inbound Security module. Objects of this type inherit all properties of their ancestor type AuthenticationContext.

Properties

Name Type Description
nodeId String The node ID associated with the request
moduleId String The module ID associated with the request
startTime Date (Instant) The time at which the initial HTTP request was received
remoteAddress String The IP address of the remote party to invoke the service
remoteScheme String The protocol used by the remote party to invoke the service (will generally be http or https)
headers Map<String,String> The headers associated with the request

Functions

Name Description
getStringClaim(arg0)
This function returns the claim contained within the encoded ID token JWT. The claim value is expected to be a string.

Return Type: String
Parameter arg0: theName
getApprovedScopes()
This function returns an array of the approved scopes

Return Type: Array<String>
hasApprovedScope(arg0)
This function returns true if the session has been approved for the given OAuth2 scope

Return Type: Boolean
Parameter arg0: theScope
getStringArrayClaim(arg0)
This function returns the claim contained within the encoded ID token JWT. The claim value is expected to be an array of strings.

Return Type: Array<String>
Parameter arg0: theName

30.18.38SmartCodapAuthorizationRequest

 

This object is passed to the SMART Cross-Organization Data Access Profile authorization callback script

Properties

Name Type Description
requestingPractitioner FHIR Resource The identity of the requesting user
requestedRecord FHIR Resource The identity of the user being requested
reasonForRequest String The client-supplied reason for the request
clientId String The client ID
scope Array<String> All OAuth2 scopes that were requested by the client
rawAuthorizationToken String Contains the raw authorization token (should be a signed JWT)
rawAuthenticationToken String Contains the raw authentication token (should be a signed JWT)

30.18.39SmartOnPostAuthorizeDetails

 

This class represents a completed SMART Authorization. It contains details about the authorization, what was granted, who it was granted to, etc.

Properties

Name Type Description
grantType String The OAuth2 grant type requested by the client, e.g. authorization_code or implicit
accessToken String The generated access token that will be returned to the client
grantedScopes Array<String> All OAuth2 scopes that were granted to the client
expiration Date (Instant) The expiration time of the authorization
requestingPractitioner FHIR Resource The identity of the requesting user
requestedRecord FHIR Resource The identity of the user being requested
refreshToken String The generated refresh token that will be returned to the client

30.18.40UserDetails

 

A user definition

Properties

Name Type Description
accountDisabled Boolean Is this account currently disabled?
notes String Any notes regarding this user
email String The user email address
accountExpiry Date (Instant) The expiry date for the user (if any) or null if the account should not expire
accountLocked Boolean Is this account currently locked?
failedLoginAttempts Int Number of consecutive failed login attempts
authorities Array<GrantedAuthority> Any authorities (permissions) granted to this user
associatedResources Array<AssociatedResource> A collection of "associated resource" IDs. Associated resources are FHIR resources with some connection to the given user, such as a Patient or Practitioner resource representing the actual user.
credentialExpiry Date (Instant) If set, provides the date that the user credentials will expire
familyName String The user's family (last) name
givenName String The user's given (first) name
lastActive Date (Instant) The date at which the user account was last used. Note that this property is read-only, and is only updated once per day, so it is accurate only to the date.
moduleId String The module ID associated with this user account. This is the module ID associated with the Inbound Security module that is responsible for authenticating this user.
nodeId String The node ID associated with this user. This is the master node ID associated with the Inbound Security module that is responsible for authenticating this user.
password String The user password (note that this property will not be populated when sessions are made available to user code)
pid Long The PID (internal ID) for this user
username String The username for this user
usernameNamespace String The username namespace associated with this user
systemUser Boolean If this is set, the user cannot be renamed or deleted (this property may only be set by the system)
external Boolean If this value is set, the user is backed by an external user directory (this property may only be set by the system)
defaultLaunchContexts Array<LaunchContext>
serviceAccount Boolean
twoFactorAuthStatus Enumeration

Options:

  • KEY_DEFINED_UNCONFIRMED
  • NO_KEY_DEFINED
  • TOTP_ENABLED

Functions

Name Description
hasAuthority(thePermission)
Does the user have the given permission?

Return Type: Boolean
Parameter thePermission: The name of the permission, e.g. 'ROLE_FHIR_CLIENT'
getOrCreateDefaultLaunchContext(theContextType)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: The context type, e.g. "patient" or "practitioner"
getOrCreateDefaultLaunchContext(theContextType, theIndex)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: The context type, e.g. "patient" or "practitioner"
Parameter theIndex: The index, starting at 0
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
Parameter theArgument: The argument associated with this permission

30.18.41UserDetailsChangeLaunchContextJson

 

Input type for a user update to the launch context(s) associated with their account.

Properties

Name Type Description
contexts Array<LaunchContext>

Example

{
  "contexts" : [ {
    "contextType" : "patient",
    "resourceId" : "Patient/123"
  } ]
}

30.18.42UserDetailsList

 

A collection of users

Properties

Name Type Description
users Array<UserDetails>

30.18.43UserDetailsOAuth2AllClientApprovals

 

Contains the list of clients for which a user has current OAuth2 sessions (access and refresh tokens) or remembered scopes.

Properties

Name Type Description
clients Array<UserDetailsOAuth2ClientApprovals> The list of OAuth2 clients and their approved scopes

30.18.44UserDetailsOAuth2ClientApprovals

 

Contains the details of an individual client for which a user has approved scopes and/or active tokens.

Properties

Name Type Description
clientNodeId String The node ID associated with the client ID
clientModuleId String The module ID associated with the client ID
clientId String The OAuth2 client ID.
clientName String The name of the client, from the Smile CDR Client definition.
approvedScopes Array<UserDetailsOAuth2ClientApprovalsApprovedScope> A list of approved scopes for this client.

30.18.45UserDetailsOAuth2ClientApprovalsApprovedScope

 

Contains the details of an approved scope for a given user and client.

Properties

Name Type Description
scope String
description String

30.18.46UserSessionDetails

 

A user session details object contains details about a logged in user and a specific session they have established with the authorization server.

Properties

Name Type Description
launchResourceIds Array<LaunchResourceId> Specifies the IDs that will be returned to the user as launch context if the SMART authorization flow requests a launch context
approvedScopes Array<String> If the session is an OAuth2 session (i.e. it is accessed via a bearer token that was granted by a SMART Auth server) this field will be populated with the set of scopes that were approved for the client
oidcClientId String If the session is an OAuth2 session (i.e. it is accessed via a bearer token that was granted by a SMART Auth server) this field will be populated with the id of the client.
oidcClientNodeId String The node ID associated with OIDC client of this user.
oidcClientModuleId String The module ID associated with the OIDC client of this user account.
userData Map<String,Object> The user data for this session.
fhirUserUrl String Specifies the FHIR Resource URL associated with this user session. This value will be used to provide the fhirUser claim in returned ID Tokens, and is not used for other purposes.
accountDisabled Boolean Is this account currently disabled?
notes String Any notes regarding this user
email String The user email address
accountExpiry Date (Instant) The expiry date for the user (if any) or null if the account should not expire
accountLocked Boolean Is this account currently locked?
failedLoginAttempts Int Number of consecutive failed login attempts
authorities Array<GrantedAuthority> Any authorities (permissions) granted to this user
associatedResources Array<AssociatedResource> A collection of "associated resource" IDs. Associated resources are FHIR resources with some connection to the given user, such as a Patient or Practitioner resource representing the actual user.
credentialExpiry Date (Instant) If set, provides the date that the user credentials will expire
familyName String The user's family (last) name
givenName String The user's given (first) name
lastActive Date (Instant) The date at which the user account was last used. Note that this property is read-only, and is only updated once per day, so it is accurate only to the date.
moduleId String The module ID associated with this user account. This is the module ID associated with the Inbound Security module that is responsible for authenticating this user.
nodeId String The node ID associated with this user. This is the master node ID associated with the Inbound Security module that is responsible for authenticating this user.
password String The user password (note that this property will not be populated when sessions are made available to user code)
pid Long The PID (internal ID) for this user
username String The username for this user
usernameNamespace String The username namespace associated with this user
systemUser Boolean If this is set, the user cannot be renamed or deleted (this property may only be set by the system)
external Boolean If this value is set, the user is backed by an external user directory (this property may only be set by the system)
defaultLaunchContexts Array<LaunchContext>
serviceAccount Boolean
twoFactorAuthStatus Enumeration

Options:

  • KEY_DEFINED_UNCONFIRMED
  • NO_KEY_DEFINED
  • TOTP_ENABLED

Functions

Name Description
getLaunchResourceIdsForResourceType(theResourceType)
Provides the launch context resource IDs associated with this session for a given resource type, returning an array of LaunchResourceId objects.

Return Type: Array<LaunchResourceId>
Parameter theResourceType: The launch context resource type. Note that this value is not capitalized, e.g. patient or encounter.
addApprovedScope(theScope)
Add an approved scope to the session

Return Type: void
Parameter theScope: The SMART on FHIR/OIDC scope name
removeApprovedScope(theScope)
Remove an approved scope from the session. This method has no effect if the given scope is not in the existing approved scope list.

Return Type: void
Parameter theScope: The SMART on FHIR/OIDC scope name
getLaunchResourceIdForResourceType(theResourceType)
Provides a single launch context resource ID associated with this session for a given resource type, returning the resource ID (e.g. 123) or null if none are found.

Return Type: String
Parameter theResourceType: The launch context resource type. Note that this value is not capitalized, e.g. patient or encounter.
getLaunchResourceIds()
Provides the launch context resource IDs associated with this session

Return Type: Array<LaunchResourceId>
addLaunchResourceId(theResourceType, theResourceId)
Adds a launch context resource id

Return Type: void
Parameter theResourceType: The launch context resource type. Note that this value is not capitalized, e.g. patient or encounter.
Parameter theResourceId: The resource ID. This value does not include a resource type, e.g. 123.
hasAuthority(thePermission)
Does the user have the given permission?

Return Type: Boolean
Parameter thePermission: The name of the permission, e.g. 'ROLE_FHIR_CLIENT'
getOrCreateDefaultLaunchContext(theContextType)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: The context type, e.g. "patient" or "practitioner"
getOrCreateDefaultLaunchContext(theContextType, theIndex)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: The context type, e.g. "patient" or "practitioner"
Parameter theIndex: The index, starting at 0
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: The Smile CDR permission name
Parameter theArgument: The argument associated with this permission
clearUserData(theName)
Clear all user data.

Return Type: void
Parameter theName: The user data attribute name
setUserDataINN(theName, theValue)
Sets a user supplied data value in the session if value is not null.

Return Type: void
Parameter theName: The user data attribute name
Parameter theValue: The attribute value
hasUserData(theName)
Has user data for name been set?

Return Type: Boolean
Parameter theName: The user data attribute name
getUserString(theName)
Get a user supplied data value as a string (converting if needed) or null if unset.

Return Type: String
Parameter theName: The user data attribute name
getUserInt(theName)
Get a user supplied data value as an integer, converting null/unset to 0.

Return Type: Int
Parameter theName: The user data attribute name
setUserData(theName, theValue)
Sets a user supplied data value in the session.

Return Type: void
Parameter theName: The user data attribute name
Parameter theValue: The attribute value
getUserData(theName)
Get a user supplied data value.

Return Type: Object
Parameter theName: The user data attribute name
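
The following is an added example, not code from the Smile CDR documentation: a SMART Inbound Security callback that combines the SecurityInSmartAuthenticationContext claim and scope functions with the UserSessionDetails scope and user-data functions to downscope a session whose ID token lacks a required group. The onAuthenticateSuccess signature, the groups claim and its clinical-writers value, the idp_subject key and the stand-in objects are assumptions.

```javascript
const WRITER_GROUP = 'clinical-writers'; // constructed claim value
// SMART v1 scope syntax: <context>/<resource>.<read|write|*>
const grantsWrite = (s) => /^(patient|user|system)\/[^.\s]+\.(write|\*)$/.test(s);

// Assumed signature: theOutcome is used as a UserSessionDetails, theContext
// as a SecurityInSmartAuthenticationContext.
function onAuthenticateSuccess(theOutcome, theOutcomeFactory, theContext) {
  // A missing claim is treated as "no groups", so the session is downscoped.
  const groups = theContext.getStringArrayClaim('groups') || [];
  if (!groups.includes(WRITER_GROUP)) {
    for (const scope of theContext.getApprovedScopes()) {
      if (grantsWrite(scope)) theOutcome.removeApprovedScope(scope);
    }
  }
  // setUserDataINN stores nothing when the claim is absent (null).
  theOutcome.setUserDataINN('idp_subject', theContext.getStringClaim('sub'));
  return theOutcome;
}

// ---- Constructed stand-ins so the callback runs outside Smile CDR ----
function fakeSmartContext(claims, scopes) {
  return {
    getStringClaim: (n) => (typeof claims[n] === 'string' ? claims[n] : null),
    getStringArrayClaim: (n) => (Array.isArray(claims[n]) ? claims[n] : null),
    getApprovedScopes: () => scopes.slice(),
    hasApprovedScope: (s) => scopes.includes(s),
  };
}
function fakeSmartSession(scopes) {
  const userData = {};
  return {
    approvedScopes: scopes.slice(),
    removeApprovedScope(s) {
      this.approvedScopes = this.approvedScopes.filter((x) => x !== s);
    },
    setUserDataINN(n, v) { if (v !== null && v !== undefined) userData[n] = v; },
    hasUserData: (n) => n in userData,
    getUserString: (n) => (n in userData ? String(userData[n]) : null),
  };
}

// Constructed sample scopes for one session.
const SCOPES = ['openid', 'patient/*.read', 'patient/*.write', 'user/Observation.*'];
function sessionFor(claims) {
  const session = fakeSmartSession(SCOPES);
  return onAuthenticateSuccess(session, null, fakeSmartContext(claims, SCOPES));
}
```
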