On this page:

17.6OpenID Connect Clients Endpoint

 

The OpenID Connect Clients Endpoint can be used to create, read, and update client definitions that are stored in Smile CDR.

17.6.1Fetch All Clients

 
This method requires the OPENID_CONNECT_VIEW_CLIENT_LIST permission.

This method will fetch all clients stored in the system.


Request:

GET http://localhost:9000/openid-connect-clients/

You may also add the following URL parameters:

  • pageIndex=[index] – The index of the page to return to the user (0 is the first page). Default value is 0.
  • pageSize=[size] – The size of the page to return to the user (e.g. 100). Default value is 100.
  • clientStatusFilter=['ENABLED', 'DISABLED', or 'ENABLED_AND_DISABLED'] – The status of clients to return to the user. Default value is ENABLED.

Response:

This operation returns a JSON document object of type OAuth2Clients. This object will then contain individual definitions of the type OAuth2ClientDetails.

Note that client secrets are not included in response objects.

Example:

{
  "clients": [
    {
      "accessTokenValiditySeconds": 3600,
      "allowedGrantTypes": [
        "AUTHORIZATION_CODE",
        "REFRESH_TOKEN"
      ],
      "clientId": "my-smart-app",
      "clientName": "My SMART App",
      "clientSecrets": [
        {
          "secret": "***",
          "expiration": "2036-01-01T00:00:00.000+00:00",
          "activation": "2018-10-31T00:00:00.000+00:00"
        }
      ],
      "fixedScope": false,
      "refreshTokenValiditySeconds": 86400,
      "registeredRedirectUris": [
        "https://example.com/oauth/callback"
      ],
      "scopes": [
        "patient/*.read",
        "patient/*.write"
      ],
      "secretRequired": false,
      "pid": 352,
      "canIntrospectOwnTokens": false,
      "canIntrospectAnyTokens": false,
      "alwaysRequireApproval": false,
      "canReissueTokens": false,
      "moduleId": "smart_auth",
      "nodeId": "Master"
    }
  ]
}

17.6.2Fetch Individual Client by Client ID

 
This method requires the OPENID_CONNECT_VIEW_CLIENT_LIST permission.

This method will fetch a single client stored in the system.


Request:

GET http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/[client_id]

Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition. The client_id is the ID found within the definition.

Response:

This operation returns a JSON document object of type OAuth2ClientDetails.

Note that client secrets are not included in response objects.

17.6.3Create Client

 
This method requires the OPENID_CONNECT_ADD_CLIENT permission.

This method will create a new client definition.


Request:

POST http://localhost:9000/openid-connect-clients/[node_id]/[module_id]

Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.

Example:

{
  "accessTokenValiditySeconds": 3600,
  "allowedGrantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "canIntrospectAnyTokens": true,
  "canIntrospectOwnTokens": true,
  "canReissueTokens": true,
  "clientId": "some-client",
  "clientName": "Some Client",
  "clientSecrets": [
    {
      "activation": "2018-11-22T01:14:26.876Z",
      "expiration": "2028-11-22T01:14:26.876Z",
      "secret": "ASECRET"
    }
  ],
  "fixedScope": true,
  "moduleId": "smart_auth",
  "nodeId": "Master",
  "registeredRedirectUris": [
     "https://example.com/oauth/callback"
  ],
  "scopes": [
    "patient/*.read",
    "patient/*.write"
  ],
  "secretRequired": true
}

Response:

This operation returns a JSON document object of type OAuth2ClientDetails. This document contains the same definition that was supplied in the client request.

Note that client secrets are not included in response objects.

17.6.4Update Client

 
This method requires the OPENID_CONNECT_EDIT_CLIENT permission.

This method update an existing client definition.


Request:

POST http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/[client_id]

Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.

Example:

{
  "accessTokenValiditySeconds": 3600,
  "allowedGrantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "canIntrospectAnyTokens": true,
  "canIntrospectOwnTokens": true,
  "canReissueTokens": true,
  "clientId": "some-client",
  "clientName": "Some Client",
  "clientSecrets": [
    {
      "activation": "2018-11-22T01:14:26.876Z",
      "expiration": "2028-11-22T01:14:26.876Z",
      "secret": "ASECRET"
    }
  ],
  "fixedScope": true,
  "moduleId": "smart_auth",
  "nodeId": "Master",
  "registeredRedirectUris": [
     "https://example.com/oauth/callback"
  ],
  "scopes": [
    "patient/*.read",
    "patient/*.write"
  ],
  "secretRequired": true
}

Response:

This operation returns a JSON document object of type OAuth2ClientDetails. This document contains the same definition that was supplied in the client request.

Note that client secrets are not included in response objects.