OpenID Connect Sessions Endpoint
The OpenID Connect Sessions Endpoint can be used to see what applications and scopes are active for a given user.
This method will fetch a list of all active clients for a given user, and the approved scopes associated with each client.
The nuances of the OpenID Authorization flows are complicated and not necessarily obvious to an end user. As a result, this service tries to take a common-sense and inclusive definition of what it means for a client (i.e. an application) to be approved by a user.
Applications will be included in the response for the user if any of the following are true:
The list of scopes is also included for any clients returned by this service. Scopes will be included if they are approved for any Access or Refresh Tokens, or if they were previously remembered.
Request:
GET http://localhost:9000/openid-connect-sessions/all/user?user_node_id=[ID]&user_module_id=[ID]&username=[USERNAME]
The supported URL parameters for selecting a user are listed below. You can select a user by username or by PID:
user_node_id=[ID]
– The node ID for the Inbound Security module associated with the user.
user_module_id=[ID]
– The module ID for the Inbound Security module associated with the user.
username_issuer=[ISSUER URL]
– (*optional) If the user was created through a federated OAuth2 login, the issuer URL should be placed in this parameter.
username=[USERNAME]
– The username to search for.
or
user_pid=[PID]
– The PID for the user to search for. If this parameter is specified, it is not necessary to specify the node ID, module ID or username. If those three parameters are specified, this parameter is not necessary.
Response:
This operation returns a JSON document object of type UserDetailsOAuth2AllClientApprovals
Example:
{
  "clients" : [ {
    "clientNodeId" : "some-node-id",
    "clientModuleId" : "some-module-id",
    "clientId" : "client_id_1",
    "clientName" : "Client Name 1",
    "approvedScopes" : [ {
      "scope" : "patient/Patient.read",
      "description" : "Read Patient Demographics"
    }, {
      "scope" : "patient/Observation.read",
      "description" : "Read Lab Results"
    } ]
  }, {
    "clientNodeId" : "some-node-id",
    "clientModuleId" : "some-module-id",
    "clientId" : "client_id_2",
    "clientName" : "Client Name 2",
    "approvedScopes" : [ {
      "scope" : "patient/*.read",
      "description" : "Read All Data"
    }, {
      "scope" : "patient/*.write",
      "description" : "Write All Data"
    } ]
  } ]
}
This method will fetch a single server stored in the system.
Request:
DELETE http://localhost:9000/openid-connect-sessions/revoke/user?user_node_id=[ID]&user_module_id=[ID]&username=[USERNAME]&client_node_id=[ID]&client_module_id=[ID]&client_id=[ID]
The supported URL parameters for selecting a user are listed below. You can select a user by username or by PID:
user_node_id=[ID]
– The node ID for the Inbound Security module associated with the user.
user_module_id=[ID]
– The module ID for the Inbound Security module associated with the user.
username_issuer=[ISSUER URL]
– (*optional) If the user was created through a federated OAuth2 login, the issuer URL should be placed in this parameter.
username=[USERNAME]
– The username to search for.
or
user_pid=[PID]
– The PID for the user to search for. If this parameter is specified, it is not necessary to specify the node ID, module ID or username. If those three parameters are specified, this parameter is not necessary.
The supported URL parameters for selecting a client are listed below:
client_node_id
– The node ID for the SMART Outbound Security module associated with the client.
client_module_id
– The module ID for the SMART Outbound Security module associated with the client.
client_id
– The client ID.
Response:
This operation will return an HTTP 204 NO CONTENT if it is successful.
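The two operations above can be combined into an access review of a user's approved clients. The following Python is an added example, not code from the product or its documentation: it builds both request URLs from the parameters documented here, reads a response of the shape shown in the example, and flags clients that hold wildcard scopes. The wildcard review policy, the helper names and the PID value are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode

BASE = "http://localhost:9000/openid-connect-sessions"  # host and port as written on this page

# Constructed sample: the example response from this page, compacted.
SAMPLE_RESPONSE = json.loads("""{"clients": [
 {"clientNodeId": "some-node-id", "clientModuleId": "some-module-id",
  "clientId": "client_id_1", "clientName": "Client Name 1", "approvedScopes": [
   {"scope": "patient/Patient.read", "description": "Read Patient Demographics"},
   {"scope": "patient/Observation.read", "description": "Read Lab Results"}]},
 {"clientNodeId": "some-node-id", "clientModuleId": "some-module-id",
  "clientId": "client_id_2", "clientName": "Client Name 2", "approvedScopes": [
   {"scope": "patient/*.read", "description": "Read All Data"},
   {"scope": "patient/*.write", "description": "Write All Data"}]}]}""")

def user_selector(user_pid=None, node_id=None, module_id=None, username=None, issuer=None):
    """Select the user by PID alone, or by node ID + module ID + username."""
    if user_pid is not None:
        return {"user_pid": user_pid}
    if not (node_id and module_id and username):
        raise ValueError("need user_pid, or user_node_id + user_module_id + username")
    params = {"user_node_id": node_id, "user_module_id": module_id, "username": username}
    if issuer:  # only for users created through a federated OAuth2 login
        params["username_issuer"] = issuer  # urlencode() percent-encodes the issuer URL
    return params

def list_url(user):
    """GET target that lists the user's active clients and approved scopes."""
    return f"{BASE}/all/user?{urlencode(user)}"

def wildcard_clients(approvals):
    """Assumed review policy: flag every client holding a scope that contains '*'."""
    flagged = []
    for client in approvals.get("clients", []):
        broad = [s["scope"] for s in client.get("approvedScopes", []) if "*" in s["scope"]]
        if broad:
            flagged.append((client, broad))
    return flagged

def revoke_url(user, client):
    """DELETE target for one user/client pair; a 204 response means success."""
    params = dict(user, client_node_id=client["clientNodeId"],
                  client_module_id=client["clientModuleId"], client_id=client["clientId"])
    return f"{BASE}/revoke/user?{urlencode(params)}"

if __name__ == "__main__":
    user = user_selector(user_pid="123")  # constructed PID
    print("GET   ", list_url(user))
    for client, scopes in wildcard_clients(SAMPLE_RESPONSE):
        print("REVIEW", client["clientName"], scopes)
        print("DELETE", revoke_url(user, client))
```

The client identifiers for the revoke request are taken from the listing response itself, so the DELETE targets exactly the client whose scopes were reviewed.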