Smile CDR v2024.05.PRE
On this page:

39.20.1Callback Models

 

This page describes various models that are available within different Smile CDR JavaScript callback functions. See individual module documentation for a description of how these objects are used.

39.20.2AssociatedResource

 

This structure represents a link between a user in the auth database and a resource in the FHIR database. This can be used, for example, to specify that a particular user is a specific Patient in the CDR. That linkage can then be applied in order to make security/permission decisions.

39.20.2.1Properties

Name Type Description
type Enumeration The relationship between the user and the resource

Options:

  • SELF
resourceId String The resource ID itself, e.g. 'Patient/123'

39.20.3AuthenticationContext

 

Provides details about the context in which an authentication occurred. See onAuthenticateSuccess for information.

39.20.3.1Properties

Name Type Description
nodeId String The node ID associated with the request
moduleId String The module ID associated with the request
startTime Date (Instant) The time at which the initial HTTP request was received
remoteAddress String The IP address of the remote party to invoke the service
remoteScheme String The protocol used by the remote party to invoke the service (will generally be http or https)
headers Map<String,String> The headers associated with the request

39.20.4AuthenticationFailure

 

This method represents a failed authentication attempt, and is returned by an authorization callback script.

39.20.4.1Properties

Name Type Description
message String
unknownUsername Boolean
incorrectPassword Boolean

39.20.5AuthenticationRequest

 

This object contains the credentials supplied by a client for authentication purposes

39.20.5.1Properties

Name Type Description
username String The username
password String The password
remoteAddress String The IP address of the client
headers Map<String,String> The HTTP headers associated with the request

39.20.6ClientSessionJson

 

A client session object contains details about an OIDC client's OAuth2 session (i.e. it was accessed via a bearer token that was granted by a SMART Auth server)

39.20.6.1Properties

Name Type Description
clientId String The ID associated with OIDC client.

39.20.7CsvProcessorContext

 

Contains context information passed into the ETL Import module mapping script

39.20.7.1Properties

Name Type Description
userJobType String This field can contain an arbitrary token supplied by the client that initiated the job
filename String This field can contain the filename of the specific file being imported

39.20.7.2Functions

Name Description
getProcessingThreadNumber()
Returns the processing thread number. This will be an integer between 0 and the maximum number of processing threads

Return Type: Int
lock(theKey)
Attempt to obtain and lock an arbitrary named semaphore. This can be used to guarantee that two row processors do not attempt to operate on the same underlying resource at the same time by ensuring that one completes before another attempts to commit its own transaction.

Return Type: void
Parameter theKey: theKey

39.20.8FhirContextEntry

 

This structure represents an entry that captures a single entry in fhirContext, which can be either be a reference only (ex: "PractitionerRole/123") or a reference/role pair (ex: "List/123", "role": "https://example.org/med-list-at-home"). A reference is commonly to a FHIR resource and a role is an optional property with a URI identifying the role. The entire fhirContext is encoded in the access token and used by the relevant Smart application.

39.20.8.1Properties

Name Type Description
reference String The reference to a resource, e.g. 'PractitionerRole/123'
role String The role, e.g. 'https://example.org/med-list-at-home'

39.20.9FhirEndpointTerminologyResponseMappingSpec

 

Defines a response terminology mapping specification for a FHIR Endpoint module

39.20.9.1Properties

Name Type Description
systems Array<FhirEndpointTerminologyResponseMappingSpecSystem>

39.20.9.2Example

{
  "systems" : [ {
    "sourceSystemUri" : "http://example.com/lab_codes",
    "targetSystemUri" : "http://loinc.org"
  }, {
    "sourceSystemUri" : "http://example.com/anatomy",
    "targetSystemUri" : "http://snomed.info"
  } ]
}

39.20.10FhirEndpointTerminologyResponseMappingSpecSystem

 

A code system entry for a FhirEndpointTerminologyResponseMappingSpec object

39.20.10.1Properties

Name Type Description
sourceSystemUri String
targetSystemUri String

39.20.11GatewayConfiguration

 

This is the outer document element containing configuration for the Smile CDR FHIR Gateway module.

39.20.11.1Properties

Name Type Description
targets Array<GatewayTarget>
searchRoutes Array<GatewaySearchRoute>
readRoutes Array<GatewayReadRoute>
operationRoutes Array<GatewayOperationRoute>
updateRoutes Array<GatewayUpdateRoute>
createRoutes Array<GatewayCreateRoute>
deleteRoutes Array<GatewayDeleteRoute>
transactionRoutes Array<GatewayTransactionRoute>

39.20.11.2Example

{
  "targets" : [ {
    "id" : "target1",
    "baseUrl" : "http://fhir1.example.com/api",
    "resourceIdPrefix" : "TGT1-"
  }, {
    "id" : "target2",
    "baseUrl" : "http://fhir2.example.com/api",
    "resourceIdPrefix" : "TGT2-"
  } ],
  "searchRoutes" : [ {
    "id" : "route1",
    "resourceTypes" : [ "Observation", "Patient", "Encounter" ],
    "targets" : [ {
      "targetId" : "target1"
    }, {
      "targetId" : "target2"
    } ],
    "parallel" : true,
    "disablePaging" : false
  } ]
}

39.20.12GatewayCreateRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR create operations.

39.20.12.1Properties

Name Type Description
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.13GatewayDeleteRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR delete operations.

39.20.13.1Properties

Name Type Description
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.14GatewayOperation

 

Defines FHIR Operation that can be called through the Smile CDR Gateway

39.20.14.1Properties

Name Type Description
name String The name of the FHIR operation
system Boolean This operation can be called at the system level
type Boolean This operation can be called on a FHIR resource type
instance Boolean This operation can be called on a FHIR resource instance

39.20.15GatewayOperationRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR operations

39.20.15.1Properties

Name Type Description
operations Array<GatewayOperation> The operations that this route applies to
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.16GatewayReadRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR read and vread operations

39.20.16.1Properties

Name Type Description
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.17GatewayRouteTarget

 

Defines a target association for a Smile CDR FHIR Gateway route

39.20.17.1Properties

Name Type Description
targetId String The ID of the target server

39.20.18GatewaySearchRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR search operations

39.20.18.1Properties

Name Type Description
disablePaging Boolean Responses for this route should not include paging links
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.19GatewayTarget

 

Contains the definition for an individual Smile CDR FHIR Gateway target server

39.20.19.1Properties

Name Type Description
id String An internal ID for the target server
baseUrl String The base URL for the target server
httpBasicCredentials String If specified, these credentials (in the form username:password) will be passed in all client requests to the target server
connectTimeoutMillis Int Specifies a connection timeout (in millis) to use for communication with the target server. Default is 60000
socketTimeoutMillis Int Specifies a socket timeout (in millis) to use for communication with the target server. Default is 60000
clientInterceptorClasses String If specified, signals to FHIR Gateway to load a comma-delimited list of CLIENT_RESPONSE interceptor classes that will allow the user to overwrite the HTTP response
resourceIdPrefix String If specified, provides a prefix that will be added to all resource IDs and local references for the target server before returning to the client
useHttpPostForAllSearches Boolean If set to true, FHIR search and paging operations against the target server will be performed using an HTTP POST instead of a GET. Default is false
serverCapabilityStatementValidationEnabled Boolean If set to false, FHIR Gateway will not validate the target server's CapabilityStatement with a request to /metadata. Default is true
alternateValidationPath String An alternate validation path which can be used to validate the target server using a HTTP GET request.
headersToForward Array<String> Any headers specified by name will be copied from the incoming client request and added to requests to the target server
allowedToFail Boolean If set to true, FHIR search operations against the target server that fail will not return an error to the client, unless all targets for a given request have failed. This flag does not apply to read routes. Default is false
forcedEncoding Enumeration If set, any requests containing a payload will have their payload re-encoded to the defined content-type before being forwarded to the target server

Options:

  • JSON
  • NDJSON
  • RDF
  • XML
retryStrategy GatewayTargetRetryStrategy If set, failed requests to this target will be retried using the specified retry configurations.

39.20.19.2Example

{
  "id" : "target1",
  "baseUrl" : "http://localhost:8000",
  "headersToForward" : [ "Sample-Header-1", "Sample-Header-2" ],
  "allowedToFail" : true,
  "retryStrategy" : {
    "maxRetries" : 2,
    "backoffStrategy" : "exponential",
    "backoffInterval" : 100,
    "errorRetryClasses" : [ "ca.uhn.fhir.rest.server.exceptions.MethodNotAllowedException" ]
  }
}

39.20.20GatewayTargetRetryStrategy

 

Contains configurations for the retry strategy for this target.

39.20.20.1Properties

Name Type Description
maxRetries Int The number of times to retry on a failed request.
backoffStrategy Enumeration The backoff strategy to use for failed attempts.

Options:

  • EXPONENTIAL
  • LINEAR
backoffInterval Long The backoff interval in milliseconds (defaulted to 1000ms). If an exponential backoff strategy is specified, this is the initial interval.
errorRetryClasses Array<String> The underlying fully qualified (ie, ca.uhn.fhir.rest.server.exceptions.MethodNotAllowedException) error class names to retry on.

39.20.21GatewayTransactionRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR transaction operations.

39.20.21.1Properties

Name Type Description
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.22GatewayUpdateRoute

 

Defines a Smile CDR FHIR Gateway route that services FHIR update operations.

39.20.22.1Properties

Name Type Description
id String A unique ID for this route
resourceTypes Set<String> The resource type (e.g. 'Patient') that this route applies to
targets Array<GatewayRouteTarget> A list of gateway target server IDs that this route should direct operations to
parallel Boolean If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded)

39.20.23GrantedAuthority

 

A granted authority is a single user authority (permission) that has been granted to a user. This authority has a permission name, and optionally an argument.

39.20.23.1Properties

Name Type Description
permission Enumeration The name of the permission. See permissions for information on available permissions.

Options:

  • ACCESS_ADMIN_JSON
  • ACCESS_ADMIN_WEB
  • ACCESS_FHIRWEB
  • ACCESS_FHIR_ENDPOINT
  • AG_ADMIN_CONSOLE_READ
  • AG_ADMIN_CONSOLE_WRITE
  • AG_DEV_PORTAL_READ
  • AG_DEV_PORTAL_WRITE
  • ARCHIVE_MODULE
  • BLOCK_FHIR_READ_UNLESS_CODE_IN_VS
  • BLOCK_FHIR_READ_UNLESS_CODE_NOT_IN_VS
  • CDA_IMPORT
  • CHANGE_OWN_DEFAULT_LAUNCH_CONTEXTS
  • CHANGE_OWN_PASSWORD
  • CHANGE_OWN_TFA_KEY
  • CONTROL_MODULE
  • CREATE_CDA_TEMPLATE
  • CREATE_MODULE
  • CREATE_USER
  • DELETE_CDA_TEMPLATE
  • DOCREF
  • DQM_QPP_BUILD
  • EMPI_ADMIN
  • EMPI_UPDATE_MATCH_RULES
  • EMPI_VIEW_MATCH_RULES
  • ETL_IMPORT_PROCESS_FILE
  • FHIR_ACCESS_PARTITION_ALL
  • FHIR_ACCESS_PARTITION_NAME
  • FHIR_ALL_DELETE
  • FHIR_ALL_READ
  • FHIR_ALL_WRITE
  • FHIR_AUTO_MDM
  • FHIR_BATCH
  • FHIR_CAPABILITIES
  • FHIR_DELETE_ALL_IN_COMPARTMENT
  • FHIR_DELETE_ALL_OF_TYPE
  • FHIR_DELETE_CASCADE_ALLOWED
  • FHIR_DELETE_EXPUNGE
  • FHIR_DELETE_TYPE_IN_COMPARTMENT
  • FHIR_DTR_USER
  • FHIR_EMPI_ADMIN
  • FHIR_EXPUNGE_DELETED
  • FHIR_EXPUNGE_EVERYTHING
  • FHIR_EXPUNGE_PREVIOUS_VERSIONS
  • FHIR_EXTENDED_OPERATION_ON_ANY_INSTANCE
  • FHIR_EXTENDED_OPERATION_ON_ANY_INSTANCE_OF_TYPE
  • FHIR_EXTENDED_OPERATION_ON_SERVER
  • FHIR_EXTENDED_OPERATION_ON_TYPE
  • FHIR_GET_RESOURCE_COUNTS
  • FHIR_GRAPHQL
  • FHIR_LIVEBUNDLE
  • FHIR_MANAGE_PARTITIONS
  • FHIR_MANUAL_VALIDATION
  • FHIR_MDM_ADMIN
  • FHIR_META_OPERATIONS_SUPERUSER
  • FHIR_MODIFY_SEARCH_PARAMETERS
  • FHIR_OP_APPLY
  • FHIR_OP_BINARY_ACCESS_READ
  • FHIR_OP_BINARY_ACCESS_WRITE
  • FHIR_OP_CARE_GAPS
  • FHIR_OP_CQL
  • FHIR_OP_EMPI_CLEAR
  • FHIR_OP_EMPI_DUPLICATE_PERSONS
  • FHIR_OP_EMPI_MERGE_PERSONS
  • FHIR_OP_EMPI_QUERY_LINKS
  • FHIR_OP_EMPI_SUBMIT
  • FHIR_OP_EMPI_UPDATE_LINK
  • FHIR_OP_ENCOUNTER_EVERYTHING
  • FHIR_OP_EVALUATE
  • FHIR_OP_EVALUATE_MEASURE
  • FHIR_OP_EXTRACT
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT_GROUP
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT_PATIENT
  • FHIR_OP_INITIATE_BULK_DATA_EXPORT_SYSTEM
  • FHIR_OP_INITIATE_BULK_DATA_IMPORT
  • FHIR_OP_MDM_CLEAR
  • FHIR_OP_MDM_CREATE_LINK
  • FHIR_OP_MDM_DUPLICATE_GOLDEN_RESOURCES
  • FHIR_OP_MDM_LINK_HISTORY
  • FHIR_OP_MDM_MERGE_GOLDEN_RESOURCES
  • FHIR_OP_MDM_NOT_DUPLICATE
  • FHIR_OP_MDM_QUERY_LINKS
  • FHIR_OP_MDM_SUBMIT
  • FHIR_OP_MDM_UPDATE_LINK
  • FHIR_OP_MEMBER_MATCH
  • FHIR_OP_PACKAGE
  • FHIR_OP_PATIENT_EVERYTHING
  • FHIR_OP_PATIENT_EVERYTHING_ACCESS_ALL
  • FHIR_OP_PATIENT_MATCH
  • FHIR_OP_PATIENT_SUMMARY
  • FHIR_OP_POPULATE
  • FHIR_OP_PREPOPULATE
  • FHIR_OP_STRUCTUREDEFINITION_SNAPSHOT
  • FHIR_OP_SUBMIT_DATA
  • FHIR_PATCH
  • FHIR_PROCESS_MESSAGE
  • FHIR_READ_ALL_IN_COMPARTMENT
  • FHIR_READ_ALL_OF_TYPE
  • FHIR_READ_INSTANCE
  • FHIR_READ_SEARCH_PARAMETERS
  • FHIR_READ_TYPE_IN_COMPARTMENT
  • FHIR_TRANSACTION
  • FHIR_TRIGGER_SUBSCRIPTION
  • FHIR_UPDATE_REWRITE_HISTORY
  • FHIR_UPLOAD_EXTERNAL_TERMINOLOGY
  • FHIR_WRITE_ALL_IN_COMPARTMENT
  • FHIR_WRITE_ALL_OF_TYPE
  • FHIR_WRITE_INSTANCE
  • FHIR_WRITE_TYPE_IN_COMPARTMENT
  • HFQL_EXECUTE
  • INVOKE_CDS_HOOKS
  • MANAGE_BATCH_JOBS
  • MDM_ADMIN
  • MDM_UPDATE_MATCH_RULES
  • MDM_VIEW_MATCH_RULES
  • MODULE_ADMIN
  • OIDC_CLIENT_PRESET_PERMISSION
  • OPENID_CONNECT_ADD_CLIENT
  • OPENID_CONNECT_ADD_SERVER
  • OPENID_CONNECT_EDIT_CLIENT
  • OPENID_CONNECT_EDIT_SERVER
  • OPENID_CONNECT_MANAGE_GLOBAL_SESSIONS
  • OPENID_CONNECT_VIEW_CLIENT_LIST
  • OPENID_CONNECT_VIEW_SERVER_LIST
  • PACKAGE_REGISTRY_READ
  • PACKAGE_REGISTRY_WRITE
  • REINSTATE_MODULE
  • ROLE_ANONYMOUS
  • ROLE_FHIR_CLIENT
  • ROLE_FHIR_CLIENT_SUPERUSER
  • ROLE_FHIR_CLIENT_SUPERUSER_RO
  • ROLE_FHIR_TERMINOLOGY_READ_CLIENT
  • ROLE_SUPERUSER
  • ROLE_SYSTEM
  • ROLE_SYSTEM_INITIALIZATION
  • SAVE_USER
  • START_STOP_MODULE
  • SUBMIT_ATTACHMENT
  • UPDATE_MODULE_CONFIG
  • UPDATE_USER
  • USE_CDA_TEMPLATE
  • VIEW_AUDIT_LOG
  • VIEW_BATCH_JOBS
  • VIEW_CDA_TEMPLATE
  • VIEW_METRICS
  • VIEW_MODULE_CONFIG
  • VIEW_MODULE_STATUS
  • VIEW_TRANSACTION_LOG
  • VIEW_TRANSACTION_LOG_EVENT
  • VIEW_USERS
argument String The argument for this authority. Note that some permissions do not take an argument while others require an argument. Consult the permission documentation for more information.

39.20.24Hl7V2GeneratedMessageContext

 

Contains details about a converted/generated HL7 v2.x message

39.20.25Hl7V2ReceivedMessage

 

Contains a received HL7 v2.x Message

39.20.25.1Properties

Name Type Description
received Date (Instant) The time at which this message was received
rawMessage HL7 v2.x Message The actual HL7 message that was received
controlId String The message control ID (MSH-10)
sendingPort Int The port on the remote system from which the message was sent
sendingPort String The host IP of the remote system from which the message was sent
transactionPid Long The PID assigned to this transaction by the transaction log

39.20.26Hl7V2ReceivedMessageConversionResult

 

Contains the result of an HL7 v2.x message runtime mapping or the conversion outcome of an HL7 v2.x message (into a FHIR payload)

39.20.26.1Properties

Name Type Description
doNotProcess Boolean A flag to indicate whether or not a given message should be processed
doNotAutoConvert Boolean A flag to indicate whether or not a given message should be passed through the Smile CDR built-in message translations. Set this to true in order to skip built-in message translation entirely.
transactionBundles Array<FHIR Resource> An array of Bundle resources containing transactions to be submitted to the FHIR server

39.20.26.2Functions

Name Description
addTransaction(theTransaction)
Add a FHIR transaction to process

Return Type: void
Parameter theTransaction: theTransaction
addMessage(thePath, theMessageLevel, theIssue)
This method adds a message to the conversion result. Acceptable message levels are INFO, WARNING, and ERROR

Return Type: void
Parameter thePath: thePath
Parameter theMessageLevel: theMessageLevel
Parameter theIssue: theIssue

39.20.27LaunchContext

 

Represents a SMART launch context that has been assigned to a specific user session

39.20.27.1Properties

Name Type Description
contextType String The launch context type, e.g. "patient" (note the lack of capitalization in SMART launch scope types)
resourceId String The launch context resource ID, e.g. "123" (note that the resource type is not included in the ID)

39.20.28LaunchContextParameter

 

Represent launch context parameters to be added to a specific user session

39.20.28.1Properties

Name Type Description
parameterName String The parameter name (need_patient_banner, smart_style_url)
parameterValue String The parameter value

39.20.29LaunchResourceId

 

This structure represents a link between a user in the auth database and a resource in the FHIR database. This can be used, for example, to specify that a particular user is a specific Patient in the CDR. That linkage can then be applied in order to make security/permission decisions.

39.20.29.1Properties

Name Type Description
resourceType String The resource type, e.g. 'Patient'
resourceId String The resource ID, e.g. '123'

39.20.30MegaScaleCredentialRequest

 

Request object for a MegaScale database credential request

39.20.30.1Properties

Name Type Description
partitionId Int The numeric ID for the given partition
partitionName String The name for the given partition

39.20.31MegaScaleCredentialResponse

 

Response object for a MegaScale database credential request

39.20.31.1Properties

Name Type Description
databaseUrl String The JDBC database connection URL
databaseUsername String The JDBC database connection username
databasePassword String The JDBC database connection password
databaseInitializationStatements Array<String> Any statements returned here will be issued to the database as raw SQL if the database is found to be empty, immediately after the Smile CDR database schema is initialized.

39.20.32OAuth2AuthorizationRequestDetails

 

Contains details about an OAuth2/OIDC request in progress

39.20.32.1Properties

Name Type Description
clientId String Contains the authorizing client ID
memberId String The member id obtained from the $member-match operation.
consentResource String The consent resource obtained from the $member-match operation.

39.20.32.2Functions

Name Description
getRequestParameters()
Retrieve all initial OAuth2 authorization request parameters

Return Type: Map<String,String>
getAudience()
Retrieve the initial OAuth2 aud request parameter value

Return Type: String
setAudience(theAudience)
Set the value from aud URL parameter from the initial OAuth2 authorization request

Return Type: void
Parameter theAudience: theAudience
addAccessTokenClaim(theName, theValue)
Add an additional claim to the generated access token

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getLaunch()
Retrieve the value of the launch URL parameter from the initial OAuth2 authorization request

Return Type: String
setLaunch(theLaunch)
Set the value from launch URL parameter from the initial OAuth2 authorization request

Return Type: void
Parameter theLaunch: theLaunch
addRequestParameter(theName, theValue)
Add a request parameter to the generated access token

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getState()
Retrieve the value of the state URL parameter from the initial OAuth2 authorization request

Return Type: String
setState(theState)
Set the value from state URL parameter from the initial OAuth2 authorization request

Return Type: void
Parameter theState: theState

39.20.33OAuth2Client

 

Represents an OpenID Connect client

39.20.33.1Properties

Name Type Description
moduleId String The Module ID that this client is registered against
nodeId String The Node ID that this client is registered against
userData Map<String,Object> The user data for this session.
pid Long The internal ID for this client.
accessTokenValiditySeconds Int The number of seconds that an access token should be valid once it has been created.
allowedGrantTypes Set<Enumeration> The grant types that this client is permitted to perform. See Authorization Flows for a description of the possible flows.

Options:

  • AUTHORIZATION_CODE
  • CLIENT_CREDENTIALS
  • IMPLICIT
  • JWT_BEARER
  • PASSWORD
  • REFRESH_TOKEN
autoApproveScopes Set<String> Scopes listed here will be automatically approved if requested by the client during the initial authorization request, without requiring the user to explicitly accept them.
autoGrantScopes Set<String> Scopes listed here will be automatically granted during every successful authorization by this client. These scopes do not have to be explicitly requested by the client during the initial authorization request.
clientId String The Client ID (corresponds to the iss field in many OAuth2 exchanges).
clientName String A human friendly description/name for the client.
clientSecrets Array<OAuth2ClientSecret> Optionally contains client secrets to be used by the client in some grant types.
fixedScope Boolean Is this client fixed scope? When authorizing a fixed scope client, the list of scopes requested in the initial authorization request will be ignored, and the complete list of scopes in the Scope property will be assumed. If these scopes are not listed as Auto-Approve, the user will still be required to approve them.
refreshTokenValiditySeconds Int The number of seconds that a refresh token will be valid for.
registeredRedirectUris Set<String> The allowable redirect URIs that may be requested.
scopes Set<String> A list of OAuth2 scopes that the client is allowed to request user approval for.
secretRequired Boolean Is the client secret required in order to authenticate this client?
secretClientCanChange Boolean Can the client change their own secret?
enabled Boolean Is the client enabled?
canIntrospectOwnTokens Boolean Can this client perform token introspection on tokens that it issued?
canIntrospectAnyTokens Boolean Can this client perform token introspecton on any tokens issued by the security module it is registered against?
alwaysRequireApproval Boolean Should the user approval page be displayed even if the client has not requested any scopes that require user approval?
canReissueTokens Boolean Can the OAuth2 server reissue tokens that have been previously issued for this client, if the token request is the same (e.g. for the same user, requesting the same scopes, etc.) and the token is not close to expiry?
permissions Array<GrantedAuthority> Any permission that should be granted directly to the client when it authenticates using the Client Credentials Grant.
rememberApprovedScopes Boolean When a user performs an OAuth2 authentication/authorization flow for this client, should their approved scopes be remembered the next time they authenticate?
attestationAccepted Boolean Has the client developer attested to the policy?
publicJwks String The public JWKS Keystore for this client. Used when the client authenticated using a bearer token.
jwksUrl String A public endpoint location of the JWK Set. If present, this will be used before any public JWKS on the client directly.
archivedAt Date (Instant) The time at which this client was archived, if it has been.
createdByAppSphere Boolean

39.20.33.2Functions

Name Description
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: thePermission
Parameter theArgument: theArgument
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: thePermission
addUserData(theExtraData)
Add all entries to the user data. A null value will be ignored.

Return Type: void
Parameter theExtraData: theExtraData
setUserData(theName, theValue)
Sets a user supplied data value in the session.

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getUserData(theName)
Get a user supplied data value.

Return Type: Object
Parameter theName: theName
hasUserData(theName)
Has user data for name been set?

Return Type: Boolean
Parameter theName: theName
clearUserData(theName)
Clear all user data.

Return Type: void
Parameter theName: theName
setUserDataINN(theName, theValue)
Sets a user supplied data value in the session if value is not null.

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getUserString(theName)
Get a user supplied data value as a string (converting if needed) or null if unset.

Return Type: String
Parameter theName: theName
getUserInt(theName)
Get a user supplied data value as a integer, converting null/unset to 0.

Return Type: Int
Parameter theName: theName

39.20.34OAuth2ClientSecret

 

A client secret for an OAuth2 client

39.20.34.1Properties

Name Type Description
pid Long
secret String
description String
expiration Date (Instant)
activation Date (Instant)

39.20.35OAuth2Clients

 

A collection of OAuth2 clients

39.20.35.1Properties

Name Type Description
clients Array<OAuth2Client>
pageIndex Int
totalPages Int

39.20.35.2Example

{
  "clients" : [ {
    "clientId" : "my-client-id",
    "clientName" : "Sample Client",
    "enabled" : false,
    "allowedGrantTypes" : [ "AUTHORIZATION_CODE", "REFRESH_TOKEN" ],
    "alwaysRequireApproval" : false,
    "attestationAccepted" : false,
    "canIntrospectAnyTokens" : false,
    "canIntrospectOwnTokens" : false,
    "canReissueTokens" : false,
    "clientSecrets" : [ {
      "secret" : "THIS_IS_A_CLIENT_SECRET",
      "expiration" : "2025-03-18T10:00:08.272+00:00",
      "activation" : "2024-03-18T10:00:08.272+00:00"
    } ],
    "createdByAppSphere" : false,
    "fixedScope" : false,
    "registeredRedirectUris" : [ "http://example.com/app-redirect" ],
    "rememberApprovedScopes" : false,
    "scopes" : [ "openid", "patient/*.read", "profile" ],
    "secretClientCanChange" : false,
    "secretRequired" : true
  } ],
  "pageIndex" : 0,
  "totalPages" : 0
}

39.20.36OAuth2Server

 

An OAuth2/OpenID Connect server definition

39.20.36.1Properties

Name Type Description
pid Long The internal persistence ID for this provider.
name String A user friendly name/description of this provider.
issuer String The issuer URL.
tokenIntrospectionClientId String The client ID to use when performing token introspection against this provider.
tokenIntrospectionClientSecret String The client secret to use when performing token introspection against this provider.
nodeId String The Node ID for the security module that this definition applies to.
moduleId String The security Module ID that this definition applies to.
validationJwkText String A JSON document containing the JWK Set containing the public key used to validate signed tokens issued by this server. This is not required for federated server definitions but is required otherwise.
validationJwkFile String A local file path / classpath to use to supply the JWK Set containing the public key used to validate signed tokens issued by this server. This field applies only to non-federated providers.
federationRegistrationId String A unique identifier for the federation between Smile CDR and the federated provider. If this is left blank, a unique value will be automatically created by Smile CDR. You may choose to use a more descriptive value however, as it will appear in URLs and log statements. Since this value will appear in URL paths, only letters and numbers should be used with no whitespace.
federationRequestScopes String When requesting authorization against the federated provider, this setting controls which OAuth2 scopes will be requested. Note that the scopes requested by the security module from the federated provider are independent from the scopes requested by the SMART application that is authorizing against Smile CDR. In a typical flow, a SMART on FHIR application will request SMART scopes from Smile CDR, and Smile CDR will in turn request a different set of appropriate scopes from the federated provider.
federationAuthorizationUrl String The URL to redirect the requesting user to in order to request user authentication/authorization with the federated provider.
federationTokenUrl String The service URL used by the SMART Outbound Security module for code exchange when requesting a token from the federated provider.
federationUserInfoUrl String The service URL used by the SMART Outbound Security module for requesting user details.
federationJwkSetUrl String The URL from which to obtain the federated provider's token signing public key.
federationAuthScriptText String When using Federated OAuth2/OIDC Login, a script is used to bridge between the user authorization details received from the federated provider and the requested authorization details in the originating SMART on FHIR application. This script is used to assign appropriate permissions and inject any other required details into the user session. It may obtain all required information by inspecting the access token details, or it may make additional service calls to fetch information.
federationUserMappingScriptText String When using Federated OAuth2/OIDC Login, an optional script that is used to create Smile CDR user name from the federated login details.
fhirEndpointUrl String The FHIR Endpoint URL associated to this OIDC Server. P2P specific-optional
authWellKnownConfigUrl String The auth well-known configuration URL associated to this OIDC Server to retrieve fhir data. P2P specific-optional
notes String Registration URL, etc. P2P specific-optional
customTokenParams String Customized token parameters for this OIDC Server. P2P specific-optional
responseType String The response type for the associated OIDC Server. P2P specific-optional
organizationId String The identification code used to specify an organization or business. (i.e. Payer ID/A five digit standardized industry identify used by payers). P2P specific-optional
audience String The audience parameter. Defines the intended consumer of the token. P2P specific-optional
archivedAt Date (Instant) The time at which this module was archived, if it has been.

39.20.37OAuth2Servers

 

A collection of OAuth2/OpenID Connect server definitions

39.20.37.1Properties

Name Type Description
servers Array<OAuth2Server>
pageIndex Int
totalPages Int

39.20.37.2Example

{
  "servers" : [ {
    "issuer" : "http://idp.example.com",
    "name" : "Acme Identity Provider Corp",
    "tokenIntrospectionClientId" : "my-client-id",
    "tokenIntrospectionClientSecret" : "THIS_IS_A_CLIENT_SECRET"
  } ],
  "pageIndex" : 0,
  "totalPages" : 0
}

39.20.38OAuth2SmartContextSelectionChoicePerson

 

A person to use as an option for context selection.

39.20.38.1Properties

Name Type Description
familyName String
givenName String
birthDate String The birth date associated with this person. Note that element is treated as a freetext string, and any format is accepted.
userData Map<String,Object> The user data for this person.
id String A unique ID for the person entry. This property is set automatically and can not be changed.
associatedPatientContextResourceId String
associatedAuthorities Array<GrantedAuthority>
autoGrantScopes Set<String> The auto granted scopes for this person
requestedScopes Set<String> The requested scopes for this person

39.20.38.2Functions

Name Description
addAutoGrantScopes(theScopes)
Add auto-grant scopes that will be not be shown to the user. Supports multiple whitespace separated scopes.

Return Type: void
Parameter theScopes: theScopes
addRequestedScopes(theScopes)
Add scopes to the client request for approval by the user. Supports multiple whitespace separated scopes.

Return Type: void
Parameter theScopes: theScopes
removeAutoGrantScopes(theScopes)
Remove auto-grant scopes that will be not be shown to the user. Supports multiple whitespace separated scopes.

Return Type: void
Parameter theScopes: theScopes
removeRequestedScopes(theScopes)
Remove scopes to the client request for approval by the user. Supports multiple whitespace separated scopes.

Return Type: void
Parameter theScopes: theScopes
addUserData(theExtraData)
Add all entries to the user data. A null value will be ignored.

Return Type: void
Parameter theExtraData: theExtraData
setUserData(theName, theValue)
Sets a user supplied data value in the session.

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getUserData(theName)
Get a user supplied data value.

Return Type: Object
Parameter theName: theName
hasUserData(theName)
Has user data for name been set?

Return Type: Boolean
Parameter theName: theName
clearUserData(theName)
Clear all user data.

Return Type: void
Parameter theName: theName
setUserDataINN(theName, theValue)
Sets a user supplied data value in the session if value is not null.

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getUserString(theName)
Get a user supplied data value as a string (converting if needed) or null if unset.

Return Type: String
Parameter theName: theName
getUserInt(theName)
Get a user supplied data value as a integer, converting null/unset to 0.

Return Type: Int
Parameter theName: theName
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: thePermission
Parameter theArgument: theArgument
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: thePermission

39.20.39OAuth2SmartContextSelectionChoices

 

This object represents a set of context choices that can be selected from by a user authorizing an app via the SMART Outbound Security module.

39.20.39.1Properties

Name Type Description
persons Array<OAuth2SmartContextSelectionChoicePerson> persons
customScopeDisplay Map<String,String> Custom Scope Display

39.20.39.2Functions

Name Description
addPerson()
Adds and returns a person object

Return Type: OAuth2SmartContextSelectionChoicePerson
haveChoices()
Returns true if one or more persons has been added to this object

Return Type: Boolean
addDisplayTranslation(theScope, theDisplayText)
Add custom display name for the scope

Return Type: void
Parameter theScope: theScope
Parameter theDisplayText: theDisplayText

39.20.40Oauth2InvalidateTokensResponseJson

 

Response object when invalidating OpenID Connect tokens

39.20.40.1Properties

Name Type Description
accessTokenCount Int The count of invalidated access tokens
refreshTokenCount Int The count of invalidated refresh tokens

39.20.41PackageInstallationSpec

 

Defines a set of instructions for package installation

39.20.41.1Properties

Name Type Description
packageUrl String The direct package URL
name String The NPM package Name
version String The direct package version
installMode Enumeration Should resources from this package be extracted from the package and installed into the repository individually

Options:

  • STORE_AND_INSTALL
  • STORE_ONLY
installResourceTypes Array<String> If resources are being installed individually, this is list provides the resource types to install. By default, all conformance resources will be installed.
fetchDependencies Boolean Should dependencies be automatically resolved, fetched and installed with the same settings
reloadExisting Boolean Should existing resources be reloaded. Defaults to true, but can be set to false to avoid re-index operations for existing search parameters

39.20.41.2Example

{
  "name" : "hl7.fhir.us.core",
  "version" : "3.1.0",
  "installMode" : "STORE_ONLY",
  "reloadExisting" : true,
  "fetchDependencies" : true
}

39.20.41.3Example

{
  "name" : "com.example.my-resources",
  "version" : "1.0",
  "packageUrl" : "classpath:/my-resources.tgz",
  "installMode" : "STORE_AND_INSTALL",
  "installResourceTypes" : [ "Organization", "Medication", "PlanDefinition", "SearchParameter" ],
  "reloadExisting" : true,
  "fetchDependencies" : false
}

39.20.42PartitionDefinition

 

A partition definition

39.20.42.1Properties

Name Type Description
id Int
name String
description String

39.20.43PartitionDefinitions

 

A collections of partition definitions

39.20.43.1Properties

Name Type Description
partitions Array<PartitionDefinition>

39.20.43.2Example

{
  "partitions" : [ {
    "id" : 1,
    "name" : "Partition-A",
    "description" : "The first partition"
  }, {
    "id" : 2,
    "name" : "Partition-B",
    "description" : "The second partition"
  } ]
}

39.20.44RequestDetailsJson

 

This object contains details about a FHIR request at runtime

39.20.44.1Properties

Name Type Description
approvedScopes Set<String>
tenantId String
compartmentName String
completeUrl String
fhirServerBase String
id String
operation String
requestPath String
requestType Enumeration

Options:

  • CONNECT
  • DELETE
  • GET
  • HEAD
  • OPTIONS
  • PATCH
  • POST
  • PUT
  • TRACE
  • TRACK
resourceName String
respondGzip Boolean
restOperationType Enumeration

Options:

  • ADD_TAGS
  • BATCH
  • CREATE
  • DELETE
  • DELETE_TAGS
  • EXTENDED_OPERATION_INSTANCE
  • EXTENDED_OPERATION_SERVER
  • EXTENDED_OPERATION_TYPE
  • GET_PAGE
  • GET_TAGS
  • GRAPHQL_REQUEST
  • HISTORY_INSTANCE
  • HISTORY_SYSTEM
  • HISTORY_TYPE
  • META
  • METADATA
  • META_ADD
  • META_DELETE
  • PATCH
  • READ
  • SEARCH_SYSTEM
  • SEARCH_TYPE
  • TRANSACTION
  • UPDATE
  • UPDATE_REWRITE_HISTORY
  • VALIDATE
  • VREAD
secondaryOperation String
subRequest Boolean

39.20.44.2Functions

Name Description
getParameters(theParameterName)
Returns an array of URL values for the given parameter

Return Type: Array<String>
Parameter theParameterName: theParameterName
getHeader(theHeaderName)
Returns an array of HTTP header values for the given key

Return Type: Array<String>
Parameter theHeaderName: theHeaderName

39.20.45ScriptAuthenticationOutcomeFactory

 

This object is used by authorization scripts to create success or failure objects to be returned by the script function.

39.20.45.1Functions

Name Description
newSuccess()
This method creates a successful response that can be populated by the script, and then returned by the function.

Return Type: UserSessionDetails
newFailure()
This method creates a failure response that can be populated by the script, and then returned by the function.

Return Type: AuthenticationFailure

39.20.46ScriptConsentContextServices

 

This object is passed to consent services scripts to provide context services

39.20.46.1Functions

Name Description
proceed()
Advise the consent service that this operation should proceed (i.e. the operation will not be rejected, and the consent service will continue to evaluate)

Return Type: void
reject()
Advise the consent service that this operation should be rejected

Return Type: void
authorized()
Advise the consent service that this operation should be authorized (i.e. no further checking should occur)

Return Type: void

39.20.47SecurityInLdapAuthenticationContext

 

Provides details and functions around the context of an authentication using the LDAP Inbound Security module. Objects of this type inherit all properties of their ancestor type AuthenticationContext.

39.20.47.1Properties

Name Type Description
nodeId String The node ID associated with the request
moduleId String The module ID associated with the request
startTime Date (Instant) The time at which the initial HTTP request was received
remoteAddress String The IP address of the remote party to invoke the service
remoteScheme String The protocol used by the remote party to invoke the service (will generally be http or https)
headers Map<String,String> The headers associated with the request

39.20.47.2Functions

Name Description
isMemberOfGroup(theGroupDn, theMemberAttribute)
Return true if the authenticated user is in the given group

Return Type: Boolean
Parameter theGroupDn: theGroupDn
Parameter theMemberAttribute: theMemberAttribute
isMemberOfGroup(theGroupDn)
Return true if the authenticated user is in the given group using member as membership attribute

Return Type: Boolean
Parameter theGroupDn: theGroupDn
isMemberOfGroup(theGroupDn, theMemberAttribute, theSearchBaseDn)
Return true if the authenticated user is in the given group. LDAP static groups with class:groupOfNames use member to enumerate members. This is the default value for theMemberAttribute.But if the group is defined differently (e.g. groupOfUniqueNames uses uniqueMember), pass that attribute name as theMemberAttribute.Use theSearchBaseDn to (optionally) scope the search for groups.

Return Type: Boolean
Parameter theGroupDn: theGroupDn
Parameter theMemberAttribute: theMemberAttribute
Parameter theSearchBaseDn: theSearchBaseDn
queryStringAttributes(theAttributeName)
Query string attribute values for the given attribute name in LDAP for the authenticated user.Useful for fetching dynamic attributes not loaded during the authentication bind.

Return Type: Array<String>
Parameter theAttributeName: theAttributeName
getStringAttributes(theAttributeName)
Fetch string attribute values for the given attribute name in LDAP for the authenticated user

Return Type: Array<String>
Parameter theAttributeName: theAttributeName

39.20.48SecurityInSmartAuthenticationContext

 

Provides the context for the onAuthenticateSuccess callback method on the SMART Inbound Security module. Objects of this type inherit all properties of their ancestor type AuthenticationContext.

39.20.48.1Properties

Name Type Description
nodeId String The node ID associated with the request
moduleId String The module ID associated with the request
startTime Date (Instant) The time at which the initial HTTP request was received
remoteAddress String The IP address of the remote party to invoke the service
remoteScheme String The protocol used by the remote party to invoke the service (will generally be http or https)
headers Map<String,String> The headers associated with the request

39.20.48.2Functions

Name Description
hasApprovedScope(theScope)
This function returns true if the session has been approved for the given OAuth2 scope

Return Type: Boolean
Parameter theScope: theScope
getStringArrayClaim(theName)
This function returns the claim contained within the encoded ID token JWT. The claim value is expected to be an array of strings.

Return Type: Array<String>
Parameter theName: theName
getClaim(theName)
This function gets any claim in the claims map, returning the JSON value found there. If no claim exists with the given name, null is returned.

Return Type: Object
Parameter theName: theName
getStringClaim(theName)
This function returns the claim contained within the encoded ID token JWT. The claim value is expected to be a string.

Return Type: String
Parameter theName: theName
getClaims()
This function gets all claims from the token as a claims map.

Return Type: Map<String,Object>
getApprovedScopes()
This function returns an array of the approved scopes

Return Type: Set<String>

39.20.49SmartCodapAuthorizationRequest

 

This object is passed to the SMART Cross-Organization Data Access Profile authorization callback script

39.20.49.1Properties

Name Type Description
requestingPractitioner FHIR Resource
requestedRecord FHIR Resource
reasonForRequest String
clientId String
scope Set<String>
rawAuthorizationToken String
rawAuthenticationToken String

39.20.50SmartOnPostAuthorizeDetails

 

This class represents a completed SMART Authorization. It contains details about the authorization, what was granted, who it was granted to, etc.

39.20.50.1Properties

Name Type Description
grantType String
accessToken String
grantedScopes Set<String>
expiration Date (Instant)
requestingPractitioner FHIR Resource
requestedRecord FHIR Resource
refreshToken String

39.20.51UserDetails

 

A user definition

39.20.51.1Properties

Name Type Description
accountDisabled Boolean
notes String
email String
accountExpiry Date (Instant)
accountLocked Boolean
failedLoginAttempts Int
authorities Array<GrantedAuthority>
associatedResources Array<AssociatedResource> A collection of "associated resource" IDs. Associated resources are FHIR resources with some connection to the given user, such as a Patient or Practitioner resource representing the actual user.
credentialExpiry Date (Instant)
familyName String
givenName String
lastActive Date (Instant) The date at which the user account was last used. Note that this property is read-only, and is only updated once per day, so it is accurate only to the date.
lastConnected Date (Instant) The date at which the user last logged in. This property is read-only and is accurate to the minute.
moduleId String The module ID associated with this user account. This is the module ID associated with the Inbound Security module that is responsible for authenticating this user.
nodeId String The node ID associated with this user. This is the master node ID associated with the Inbound Security module that is responsible for authenticating this user.
password String The user password (note that this property will not be populated when sessions are made available to user code)
pid Long The PID (internal ID) for this user
username String The username for this user
usernameNamespace String The username namespace associated with this user
systemUser Boolean If this is set, the user cannot be renamed or deleted (this property may only be set by the system)
external Boolean If this value is set, the user is backed by an external user directory (this property may only be set by the system)
defaultLaunchContexts Array<LaunchContext> The SMART launch contexts associated with this account
serviceAccount Boolean
twoFactorAuthStatus Enumeration

Options:

  • KEY_DEFINED_UNCONFIRMED
  • NO_KEY_DEFINED
  • TOTP_ENABLED

39.20.51.2Functions

Name Description
getOrCreateDefaultLaunchContext(theContextType, theIndex)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: theContextType
Parameter theIndex: theIndex
getOrCreateDefaultLaunchContext(theContextType)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: theContextType
hasAuthority(thePermission)
Does the user have the given permission?

Return Type: Boolean
Parameter thePermission: thePermission
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: thePermission
Parameter theArgument: theArgument
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: thePermission

39.20.52UserDetailsChangeLaunchContextJson

 

Input type for a user update to the launch context(s) associated with their account.

39.20.52.1Properties

Name Type Description
contexts Array<LaunchContext>

39.20.52.2Example

{
  "contexts" : [ {
    "contextType" : "patient",
    "resourceId" : "Patient/123"
  } ]
}

39.20.53UserDetailsList

 

A collection of users

39.20.53.1Properties

Name Type Description
users Array<UserDetails>

39.20.54UserDetailsOAuth2AllClientApprovals

 

Contains the list of clients for which a user has current OAuth2 sessions (access and refresh tokens) or remembered scopes.

39.20.54.1Properties

Name Type Description
clients Array<UserDetailsOAuth2ClientApprovals>

39.20.55UserDetailsOAuth2ClientApprovals

 

Contains the details of an individual client for which a user has approved scopes and/or active tokens.

39.20.55.1Properties

Name Type Description
clientNodeId String
clientModuleId String
clientId String
clientName String
approvedScopes Array<UserDetailsOAuth2ClientApprovalsApprovedScope>

39.20.56UserDetailsOAuth2ClientApprovalsApprovedScope

 

Contains the details of an approved scope for a given user and client.

39.20.56.1Properties

Name Type Description
scope String
description String

39.20.57UserSessionDetails

 

A user session details object contains details about a logged in user and a specific session they have established with the authorization server.

39.20.57.1Properties

Name Type Description
launchContextParameters Array<LaunchContextParameter> Specifies the parameters that will be returned to the user as launch context if the SMART authorization flow requests a launch context
launchResourceIds Array<LaunchResourceId> Specifies the IDs that will be returned to the user as launch context if the SMART authorization flow requests a launch context
fhirContext Array<FhirContextEntry> Specifies the components of the fhirContext, including a reference or a reference/role pair.
approvedScopes Set<String> If the session is an OAuth2 session (i.e. it is accessed via a bearer token that was granted by a SMART Auth server) this field will be populated with the set of scopes that were approved for the client
oidcClientId String If the session is an OAuth2 session (i.e. it is accessed via a bearer token that was granted by a SMART Auth server) this field will be populated with the id of the client.
oidcClientNodeId String The node ID associated with OIDC client of this user.
oidcClientModuleId String The module ID associated with the OIDC client of this user account.
userData Map<String,Object> The user data for this session.
fhirUserUrl String Specifies the FHIR Resource URL associated with this user session. This value will be used to provide the fhirUser claim in returned ID Tokens, and is not used for other purposes.
accountDisabled Boolean
notes String
email String
accountExpiry Date (Instant)
accountLocked Boolean
failedLoginAttempts Int
authorities Array<GrantedAuthority>
associatedResources Array<AssociatedResource> A collection of "associated resource" IDs. Associated resources are FHIR resources with some connection to the given user, such as a Patient or Practitioner resource representing the actual user.
credentialExpiry Date (Instant)
familyName String
givenName String
lastActive Date (Instant) The date at which the user account was last used. Note that this property is read-only, and is only updated once per day, so it is accurate only to the date.
lastConnected Date (Instant) The date at which the user last logged in. This property is read-only and is accurate to the minute.
moduleId String The module ID associated with this user account. This is the module ID associated with the Inbound Security module that is responsible for authenticating this user.
nodeId String The node ID associated with this user. This is the master node ID associated with the Inbound Security module that is responsible for authenticating this user.
password String The user password (note that this property will not be populated when sessions are made available to user code)
pid Long The PID (internal ID) for this user
username String The username for this user
usernameNamespace String The username namespace associated with this user
systemUser Boolean If this is set, the user cannot be renamed or deleted (this property may only be set by the system)
external Boolean If this value is set, the user is backed by an external user directory (this property may only be set by the system)
defaultLaunchContexts Array<LaunchContext> The SMART launch contexts associated with this account
serviceAccount Boolean
twoFactorAuthStatus Enumeration

Options:

  • KEY_DEFINED_UNCONFIRMED
  • NO_KEY_DEFINED
  • TOTP_ENABLED

39.20.57.2Functions

Name Description
getLaunchResourceIdForResourceType(theResourceType)
Provides a single launch context resource ID associated with this session for a given resource type, returning the resource ID (e.g. 123) or null if none are found.

Return Type: String
Parameter theResourceType: theResourceType
addLaunchContextParameter(theParameterName, theParameterValue)
Adds a launch context parameter name/value pair

Return Type: void
Parameter theParameterName: theParameterName
Parameter theParameterValue: theParameterValue
addApprovedScope(theScope)
Add an approved scope to the session

Return Type: void
Parameter theScope: theScope
removeApprovedScope(theScope)
Remove an approved scope to the session. This method has no effect if the given scope is not in the existing approved scope list.

Return Type: void
Parameter theScope: theScope
addFhirContextReference(theReference, theRole)
Adds a Smart fhirContext entry containing the reference and role

Return Type: void
Parameter theReference: theReference
Parameter theRole: theRole
addFhirContextReference(theReference)
Adds a Smart fhirContext entry containing only the reference

Return Type: void
Parameter theReference: theReference
getFhirContext()
Provides the fhirContext entries with this session

Return Type: Array<FhirContextEntry>
getLaunchResourceIds()
Provides the launch context resource IDs associated with this session

Return Type: Array<LaunchResourceId>
getLaunchContextParameters()
Provides the launch context parameters associated with this session

Return Type: Array<LaunchContextParameter>
getLaunchResourceIdsForResourceType(theResourceType)
Provides the launch context resource IDs associated with this session for a given resource type, returning an array of LaunchResourceId objects.

Return Type: Array<LaunchResourceId>
Parameter theResourceType: theResourceType
addLaunchResourceId(theResourceType, theResourceId)
Adds a launch context resource id

Return Type: void
Parameter theResourceType: theResourceType
Parameter theResourceId: theResourceId
addUserData(theKey, theValue)
Add user data to the session. Custom user data can be added for use within the system or in interceptors.

Return Type: void
Parameter theKey: theKey
Parameter theValue: theValue
getOrCreateDefaultLaunchContext(theContextType, theIndex)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: theContextType
Parameter theIndex: theIndex
getOrCreateDefaultLaunchContext(theContextType)
Returns the first default launch context for the given type, creating one if none exists

Return Type: LaunchContext
Parameter theContextType: theContextType
hasAuthority(thePermission)
Does the user have the given permission?

Return Type: Boolean
Parameter thePermission: thePermission
addAuthority(thePermission, theArgument)
Add an authority/permission with an argument to the given user

Return Type: void
Parameter thePermission: thePermission
Parameter theArgument: theArgument
addAuthority(thePermission)
Add an authority/permission to the given user

Return Type: void
Parameter thePermission: thePermission
addUserData(theExtraData)
Add all entries to the user data. A null value will be ignored.

Return Type: void
Parameter theExtraData: theExtraData
setUserData(theName, theValue)
Sets a user supplied data value in the session.

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getUserData(theName)
Get a user supplied data value.

Return Type: Object
Parameter theName: theName
hasUserData(theName)
Has user data for name been set?

Return Type: Boolean
Parameter theName: theName
clearUserData(theName)
Clear all user data.

Return Type: void
Parameter theName: theName
setUserDataINN(theName, theValue)
Sets a user supplied data value in the session if value is not null.

Return Type: void
Parameter theName: theName
Parameter theValue: theValue
getUserString(theName)
Get a user supplied data value as a string (converting if needed) or null if unset.

Return Type: String
Parameter theName: theName
getUserInt(theName)
Get a user supplied data value as a integer, converting null/unset to 0.

Return Type: Int
Parameter theName: theName