Smile CDR v2024.05.PRE

35.7.1 OpenID Connect Clients Endpoint

 

The OpenID Connect Clients Endpoint can be used to create, read, and update client definitions that are stored in Smile CDR.

35.7.2 Fetch All OpenID Connect Client Definitions

 
This method requires the OPENID_CONNECT_VIEW_CLIENT_LIST permission.

This method will fetch all clients stored in the system.


Request:

GET http://localhost:9000/openid-connect-clients/

You may also add the following URL parameters:

  • pageIndex=[index] – The index of the page to return to the user (0 is the first page). Default value is 0.
  • pageSize=[size] – The size of the page to return to the user (e.g. 100). Default value is 100.
  • clientStatusFilter=['ENABLED', 'DISABLED', or 'ENABLED_AND_DISABLED'] – The status of clients to return to the user. Default value is ENABLED.

Response:

This operation returns a JSON document object of type OAuth2Clients. That object contains the individual client definitions, each of type OAuth2Client.

Note that client secrets are redacted in response objects (and the secret itself is only persisted as a hash, so it could not be returned anyhow).

Example:

{
  "clients": [
    {
      "pid": 3846,
      "nodeId": "Master",
      "moduleId": "smart_auth",
      "clientId": "client-id",
      "clientName": "Client Name",
      "enabled": true,
      "accessTokenValiditySeconds": 3600,
      "allowedGrantTypes": [
        "AUTHORIZATION_CODE",
        "IMPLICIT"
      ],
      "alwaysRequireApproval": false,
      "canIntrospectAnyTokens": false,
      "canIntrospectOwnTokens": false,
      "canReissueTokens": false,
      "clientSecrets": [
        {
          "pid": 1,
          "secret": "***",
          "description": "t***",
          "activation": "2020-04-27T19:55:11.425-04:00"
        }
      ],
      "fixedScope": false,
      "refreshTokenValiditySeconds": 86400,
      "registeredRedirectUris": [
        "http://redirect.url"
      ],
      "rememberApprovedScopes": false,
      "scopes": [
        "patient/*.read"
      ],
      "secretClientCanChange": false,
      "secretRequired": false
    }
  ],
  "pageIndex": 0,
  "totalPages": 1
}
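The list response lends itself to a periodic review of client definitions. The following is an added example, not part of the Smile CDR documentation: it walks every page using pageIndex and totalPages and flags fields worth a second look. The fetch_page callable, the finding wording and the sample pages are assumptions made for illustration; in real use fetch_page would issue the GET above with pageIndex and clientStatusFilter=ENABLED_AND_DISABLED.

```python
# Constructed sample pages in the OAuth2Clients shape shown above (not real data).
SAMPLE_PAGES = [
    {"clients": [{
        "clientId": "client-id", "enabled": True,
        "allowedGrantTypes": ["AUTHORIZATION_CODE", "IMPLICIT"],
        "canIntrospectAnyTokens": False, "secretRequired": False,
        "clientSecrets": [{"pid": 1, "secret": "***",
                           "activation": "2020-04-27T19:55:11.425-04:00"}],
        "registeredRedirectUris": ["http://redirect.url"]}],
     "pageIndex": 0, "totalPages": 2},
    {"clients": [{
        "clientId": "some-client", "enabled": True,
        "allowedGrantTypes": ["AUTHORIZATION_CODE"],
        "canIntrospectAnyTokens": True, "secretRequired": True,
        "clientSecrets": [{"pid": 2, "secret": "***",
                           "activation": "2018-11-22T01:14:26.876Z",
                           "expiration": "2028-11-22T01:14:26.876Z"}],
        "registeredRedirectUris": ["https://example.com/oauth/callback"]}],
     "pageIndex": 1, "totalPages": 2},
]

def iter_clients(fetch_page):
    """Yield every client; fetch_page(pageIndex) returns one OAuth2Clients dict."""
    index = 0
    while True:
        page = fetch_page(index)
        yield from page.get("clients", [])
        index += 1
        if index >= page.get("totalPages", 1):
            return

def audit_client(client):
    """Return review findings (not verdicts) for one OAuth2Client definition."""
    findings = []
    if "IMPLICIT" in client.get("allowedGrantTypes", []):
        findings.append("implicit grant allowed")
    if not client.get("secretRequired", False):
        findings.append("no client secret required")
    if client.get("canIntrospectAnyTokens"):
        findings.append("canIntrospectAnyTokens enabled")
    for uri in client.get("registeredRedirectUris", []):
        if not uri.lower().startswith("https://"):
            findings.append(f"non-HTTPS redirect URI: {uri}")
    for secret in client.get("clientSecrets", []):
        if not secret.get("expiration"):
            findings.append(f"secret pid {secret.get('pid')} has no expiration set")
    return findings

def audit_all(fetch_page):
    return {c["clientId"]: audit_client(c) for c in iter_clients(fetch_page)}
```

Calling audit_all(lambda i: SAMPLE_PAGES[i]) returns a dict keyed by clientId. A public client that legitimately runs without a secret will still be listed, so treat the output as items to review.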

35.7.3 Fetch Individual Client by Client ID

 
This method requires the OPENID_CONNECT_VIEW_CLIENT_LIST permission.

This method will fetch a single client stored in the system.


Request:

GET http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/[client_id]

Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition. The client_id is the ID found within the definition.

Response:

This operation returns a JSON document object of type OAuth2Client.

Note that client secrets are not included in response objects.

35.7.4 Create Client

 
This method requires the OPENID_CONNECT_ADD_CLIENT permission.

This method will create a new client definition.


Request:

POST http://localhost:9000/openid-connect-clients/[node_id]/[module_id]

Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.

Example:

{
  "moduleId": "smart_auth",
  "nodeId": "Master",
  "clientId": "some-client",
  "clientName": "Some Client",
  "accessTokenValiditySeconds": 3600,
  "allowedGrantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "canIntrospectAnyTokens": true,
  "canIntrospectOwnTokens": true,
  "canReissueTokens": true,
  "clientSecrets": [
    {
      "activation": "2018-11-22T01:14:26.876Z",
      "expiration": "2028-11-22T01:14:26.876Z",
      "secret": "THIS-IS-A-SECRET-123"
    }
  ],
  "fixedScope": true,
  "registeredRedirectUris": [
    "https://example.com/oauth/callback"
  ],
  "scopes": [
    "patient/*.read",
    "patient/*.write"
  ],
  "secretRequired": true
}

Response:

This operation returns a JSON document object of type OAuth2Client. This document contains the same definition that was supplied in the client request.

Note that client secrets are not included in response objects.

35.7.5 Update Client

 
This method requires the OPENID_CONNECT_EDIT_CLIENT permission.

This method will update an existing client definition.


Request:

PUT http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/[client_id]

Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.

Example:

{
  "moduleId": "smart_auth",
  "nodeId": "Master",
  "clientId": "some-client",
  "clientName": "Some Client",
  "accessTokenValiditySeconds": 3600,
  "allowedGrantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "canIntrospectAnyTokens": true,
  "canIntrospectOwnTokens": true,
  "canReissueTokens": true,
  "clientSecrets": [
    {
      "activation": "2018-11-22T01:14:26.876Z",
      "expiration": "2028-11-22T01:14:26.876Z",
      "secret": "THIS-IS-A-SECRET-123"
    }
  ],
  "fixedScope": true,
  "registeredRedirectUris": [
    "https://example.com/oauth/callback"
  ],
  "scopes": [
    "patient/*.read",
    "patient/*.write"
  ],
  "secretRequired": true
}

Response:

This operation returns a JSON document object of type OAuth2Client. This document contains the same definition that was supplied in the client request.

Note that client secrets are not included in response objects.

35.7.6 Create Client and generate secrets

 
This method requires the OPENID_CONNECT_ADD_CLIENT permission.

This method will create a new client definition and will generate secrets.


Request:

POST http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/register-client-and-generate-secret

Note:

  • The node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.
  • The request payload should not contain any secrets.

Example:

{
  "moduleId": "smart_auth",
  "nodeId": "Master",
  "clientId": "some-client",
  "clientName": "Some Client",
  "accessTokenValiditySeconds": 3600,
  "allowedGrantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "canIntrospectAnyTokens": true,
  "canIntrospectOwnTokens": true,
  "canReissueTokens": true,
  "fixedScope": true,
  "registeredRedirectUris": [
    "https://example.com/oauth/callback"
  ],
  "scopes": [
    "patient/*.read",
    "patient/*.write"
  ],
  "secretRequired": true
}

Response:

This operation returns a JSON document object of type OAuth2Client. This document contains the same definition that was supplied in the client request.

Note that for this operation client secrets are included in the response object.
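Because the other operations on this page redact or omit secrets, the response to this call is the point at which a generated secret has to be captured and kept out of logs. The following is an added example, not part of the Smile CDR documentation: it builds the request without sending it, refuses a payload that carries clientSecrets, and separates the secrets from a loggable copy of the response. The helper names, the Content-Type header and the assumption that the generated secret arrives in clientSecrets[].secret are illustrative; authentication is not shown.

```python
import copy
import json
from urllib.parse import quote
from urllib.request import Request

BASE = "http://localhost:9000/openid-connect-clients"  # base URL used on this page

# Constructed response; assumes the generated secret arrives in clientSecrets[].secret.
SAMPLE_RESPONSE = {
    "clientId": "some-client", "secretRequired": True,
    "clientSecrets": [{"pid": 7, "secret": "CONSTRUCTED-GENERATED-SECRET",
                       "activation": "2024-05-01T00:00:00.000Z"}],
}

def build_register_request(node_id, module_id, definition):
    """Build (but do not send) the POST to register-client-and-generate-secret."""
    if definition.get("clientSecrets"):
        raise ValueError("payload must not carry clientSecrets for this endpoint")
    # safe='' encodes '/' so an ID cannot add or remove path segments.
    path = "/".join(quote(part, safe="") for part in (node_id, module_id))
    url = f"{BASE}/{path}/register-client-and-generate-secret"
    return Request(url, data=json.dumps(definition).encode("utf-8"), method="POST",
                   headers={"Content-Type": "application/json"})

def split_secrets(response_doc):
    """Return (secrets, redacted_copy); only the redacted copy should be logged."""
    redacted = copy.deepcopy(response_doc)
    secrets = []
    for entry in redacted.get("clientSecrets", []):
        if "secret" in entry:
            secrets.append(entry["secret"])
            entry["secret"] = "***"
    return secrets, redacted
```

The secrets list is what goes to the secret store; the original response object is left unmodified, so it should not be passed to logging code.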