Welcome to Smile CDR
- Table of Contents 1.0
- Smile CDR Maturity Model 1.1
- Smile CDR Premium Solutions 1.2
- List of Features by Maturity 1.3
- Changelog (2024 Releases) 1.4
- Changelog (2023 Releases) 1.5
- Changelog (2022 Releases) 1.6
- Changelog (2021 Releases) 1.7
- Changelog (2020 Releases) 1.8
- Changelog (2019 Releases) 1.9
- Changelog (2018 Releases) 1.10
- Changelog (2017 Releases) 1.11
Getting Started
Installation
- Installing Smile CDR 3.0
- Docker Container Installation 3.1
- Unix Service Installation 3.2
- Tuning your Installation 3.3
- Message Brokers 3.4
- Message Broker Failure Management 3.5
- Message Broker: Kafka 3.6
- Message Broker: ActiveMQ 3.7
- Pre-Seeding Configuration and Data 3.8
- Upgrading Smile CDR 3.9
- Production Checklist 3.10
- Module Licensing 3.11
Tutorial and Tour
The FHIR Standard
- FHIR Introduction 5.0
- FHIR CRUD Operations 5.1
- FHIR Searching Basics 5.2
- FHIR Search: References and Includes 5.3
- FHIR Search: Custom Search Parameters 5.4
- FHIR Transactions and Batches 5.5
- FHIRPath Expressions 5.6
FHIR Storage
- Concepts in Smile CDR 6.0
- FHIR Storage Modules 6.1
- FHIR Endpoint Module 6.2
- FHIRWeb Console 6.3
- OpenAPI / Swagger Support 6.4
- FHIR Endpoint Customization 6.5
- Resource IDs 6.6
- Search Parameters 6.7
- Search Parameter Features 6.8
- Phonetic Search Parameters 6.9
- Search Parameter Tuning 6.10
- Search Parameter Reindexing 6.11
- Searching for Data 6.12
- Creating Data 6.13
- Reading Data 6.14
- Updating Data 6.15
- Deleting Data 6.16
- Binary Data 6.17
- Request Tracing and Provenance 6.18
- FHIR Versions 6.19
- Resource Versions and Versioned References 6.20
- Tags, Profiles, and Security Labels 6.21
- Partitioning and Multitenancy 6.22
- Custom Resource Types 6.23
- Batch and Scheduled Jobs 6.24
FHIR Storage (Relational)
- FHIR Storage (Relational) Module 7.0
- Resource Storage Mode 7.1
- Performance Tuning 7.2
- Lucene Indexing 7.3
- Performance and Caching 7.4
- Chained Searching and Sorting 7.5
- MegaScale 7.6
FHIR Storage (MongoDB)
Validation and Conformance
- Introduction 9.0
- Validation Support Repository 9.1
- Validation Support Repository Options 9.2
- Conformance Data 9.3
- Repository Validation 9.4
- Repository Validation: Java 9.5
- Repository Validation: Javascript 9.6
- Repository Validation: Validation Bean 9.7
- Endpoint Validation 9.8
- Packages and Implementation Guides 9.9
- Package Registry Endpoint Module 9.10
- Remote Terminology Services 9.11
- Suppressing Messages 9.12
- Validation Performance 9.13
- Automatic Provenance Injection 9.14
Terminology
- Terminology Introduction 10.0
- Uploading Codes 10.1
- Terminology and Lucene Indexing 10.2
- ValueSet Expansion 10.3
- FHIR Response Terminology Mapping 10.4
Subscription
- Introduction 11.0
- Architecture 11.1
- Channel Types 11.2
- Delivery Options 11.3
- Manual Triggering 11.4
- Topic Subscriptions 11.5
Interceptors
- Interceptors 12.0
- Pointcuts 12.1
- Starter Project 12.2
- Examples: FHIR Endpoints 12.3
- Examples: HL7v2 Endpoints 12.4
- Examples: FHIR Storage 12.5
- Examples: FHIR Gateway 12.6
- Examples: FHIR Client 12.7
- Examples: MDM 12.8
- Examples: Subscription 12.9
- Examples: Channel Import 12.10
- Examples: Cluster Manager 12.11
- 2024.02.01 Migration Guide 12.12
Channel Import
Realtime Export
- Realtime Export Overview 14.0
- Realtime Export Rules Definition 14.1
- Using FHIRPath 14.2
- Debezium 14.3
Security
- Security in Smile CDR 15.0
- Authentication Protocols 15.1
- Authorization and Consent 15.2
- Inbound Security Module 15.3
- Local Inbound Security Module 15.4
- LDAP Inbound Security Module 15.5
- Scripted Inbound Security Module 15.6
- SAML Inbound Security Module 15.7
- Trusted Client Mode 15.8
- Roles and Permissions 15.9
- Callback Scripts 15.10
- Anonymous Access 15.11
- Consent Service 15.12
- Consent Service: JavaScript API 15.13
- Consent Service: Java API 15.14
- Security Recipes 15.15
- Two Factor Authentication 15.16
- Troubleshooting Security 15.17
SMART on FHIR
- SMART on FHIR: Introduction 16.0
- SMART: Scopes 16.1
- SMART: Auth Flows 16.2
- SMART: Endpoints 16.3
- Client Management 16.4
- OIDC Keystores 16.5
- SMART: Smile CDR Support 16.6
- SMART Outbound Security: Module 16.7
- SMART Outbound Security: Skinning 16.8
- SMART Outbound Security: Context Selection 16.9
- SMART Outbound Security: SAML Bridging 16.10
- SMART: Federated OAuth2/OIDC Login 16.11
- SMART: Application Approval/Consent 16.12
- SMART Inbound Security Module 16.13
- SMART: Session Management 16.14
- SMART: Assigning Permissions 16.15
- SMART: Access Tokens 16.16
- SMART: User Profile Information 16.17
- FHIR Client Authentication 16.18
appSphere
- Introduction 17.0
- Getting Started 17.1
- Associated Module Configurations 17.2
- Client Creation and Configuration 17.3
- Other Configurations 17.4
- Developer Portal 17.5
- App Management Console 17.6
- App Gallery 17.7
- Appendix 17.8
FHIR Gateway
- FHIR Gateway Introduction 18.0
- Configuration: Initial Setup 18.1
- Configuration: Document 18.2
- Custom Operations 18.3
- Caching 18.4
- Pagination 18.5
FHIR Hybrid Providers
LiveBundle
- LiveBundle Overview 20.0
- LiveBundle API 20.1
- LiveBundle Rule Definition 20.2
- LiveBundle Keepers 20.3
CDS Hooks
Master Data Management
- MDM 22.0
- MDM Quickstart Guide 22.1
- MDM Rule Definition 22.2
- Using EIDs in MDM Rule Definition 22.3
- MDM Survivorship Rules 22.4
- Upgrading from the EMPI module 22.5
- MDM UI 22.6
- MDM Blocklist Definition 22.7
- MDM Evaluate Operation 22.8
Quality Improvement
- Quality Improvement Overview 23.0
- Clinical Quality Language (CQL) 23.1
- Care Gaps 23.2
- Evaluating Measures 23.3
- Quality Payment Program (QPP) 23.4
- ActivityDefinitions 23.5
- PlanDefinitions 23.6
- Questionnaires 23.7
IG Support
EasyShare
- EasyShare SMART Health Links (SHL) 25.0
- EasyShare SHL Public module 25.1
- EasyShare SHL Admin module 25.2
Clustering
Logging
- Overview 27.0
- Audit Log 27.1
- Transaction Log 27.2
- System Logging 27.3
- Troubleshooting Logs 27.4
- Custom Logging 27.5
HL7 v2.x Support
- Introduction 28.0
- Inbound Messaging 28.1
- FHIR-Based Terminology Translation 28.2
- Outbound Messaging 28.3
- Outbound: Default Resource Conversion 28.4
- Outbound: Custom Resource Conversion 28.5
- Outbound: Verbatim Messaging 28.6
- Outbound: Transport 28.7
- Transactions 28.8
- Structure Definitions 28.9
- Segment Definitions 28.10
- Table Definitions 28.11
- Naming System Mapping 28.12
- Processing Results Feeds 28.13
- Protocol 28.14
CDA Exchange Module
- Introduction 29.0
- JavaScript Templates 29.1
- Rest API Operations 29.2
- Available Document and Section Types for CDA Export 29.3
- Available Document and Section Types for CDA Import 29.4
- JavaScript Hooks on CDA Import / Export 29.5
- Further Reading 29.6
CDA Exchange+ Module
- Introduction 30.0
- JavaScript Templates 30.1
- Rest API Operations 30.2
- Available Document and Section Types for CDA Export 30.3
- Available Document and Section Types for CDA Import 30.4
- JavaScript Hooks on CDA Import / Export 30.5
- FHIR-Based Terminology Translation 30.6
- Further Reading 30.7
System to System Data Exchange
- System to System Data Exchange Module 31.0
- Smile CDR Payer to Payer Quickstart Guide 31.1
- Custom Matching Script 31.2
Bulk Operations
Additional Features
Monitoring
- Monitoring Basics 34.0
- Elastic APM Basics 34.1
- Externalized Metrics 34.2
- OpenTelemetry Integration 34.3
Product Administration
JSON Admin Endpoints
- JSON Admin API 36.0
- Audit Log Endpoint 36.1
- Batch Job Endpoint 36.2
- Bulk Import Endpoint 36.3
- CDA Exchange Endpoint 36.4
- Metrics Endpoint 36.5
- Module Config Endpoint 36.6
- OpenID Connect Clients Endpoint 36.7
- OpenID Connect Servers Endpoint 36.8
- OpenID Connect Sessions Endpoint 36.9
- Runtime Status Endpoint 36.10
- System Config Endpoint 36.11
- Transaction Log Endpoint 36.12
- Troubleshooting Log Endpoint 36.13
- User Management Endpoint 36.14
HFQL: Direct SQL Access
- HFQL/SQL Overview 37.0
- SQL Syntax 37.1
- SQL Syntax: Select 37.2
- SQL Syntax: Where 37.3
- SQL Syntax: Limitations 37.4
- SQL Syntax: Examples 37.5
Product Configuration
Java Execution Environment
JavaScript Execution Environment
- Introduction 40.0
- Specifying JavaScript in Configuration File 40.1
- Remote Debugging 40.2
- ECMA Modules (import) 40.3
- Converter API 40.4
- Environment API 40.5
- Exceptions API 40.6
- OAuth2 Exceptions API 40.7
- FHIR REST API 40.8
- FHIR Model API 40.9
- HL7 v2.x Mapping API 40.10
- HTTP API 40.11
- LDAP API 40.12
- Log API 40.13
- Composition Resource API 40.14
- Composition Section API 40.15
- TransactionBuilder API 40.16
- Util API 40.17
- UUID API 40.18
- XML API 40.19
- Callback Models 40.20
Database Administration
- Database Design 41.0
- Database Connection Pool 41.1
- Setting Up PostgreSQL 41.2
- Troubleshooting PostgreSQL 41.3
- Setting Up MySQL 41.4
- Setting Up MariaDB 41.5
- Setting Up Oracle 41.6
- Setting Up SQL Server (MSSQL) 41.7
- AWS IAM Authentication 41.8
Localization
Smile CDR CLI (smileutil)
- Introduction 43.0
- Bulk Import 43.1
- Create FHIR Package 43.2
- Execute Script Function 43.3
- Export ConceptMap to CSV 43.4
- HL7 v2.x Analyze Flat File 43.5
- HL7 v2.x Transmit Flat File 43.6
- Import CSV to ConceptMap 43.7
- Map and Upload CSV Bulk Import File 43.8
- Migrate Database 43.9
- Clear Database Migration Lock 43.10
- Module Config Properties Export 43.11
- Reindex Terminology 43.12
- Synchronize FHIR Servers 43.13
- Upgrade H2 Database File 43.14
- Upload Bundle Files 43.15
- Upload CSV Bulk Import File 43.16
- Upload Sample Dataset 43.17
- Upload Terminology 43.18
- Generate Realtime Export Schema 43.19
- Validate FHIR Resources 43.20
Apache Camel Integration
Modules
- JSON Admin API 45.0
- Web Admin Console 45.1
- CDA Exchange 45.2
- Channel Import 45.3
- Cluster Manager 45.4
- CQL 45.5
- Audit Log Persistence 45.6
- Transaction Log Persistence 45.7
- Digital Quality Measures (DQM) 45.8
- Documentation Templates and Rules (DTR) 45.9
- Enterprise Master Patient Index 45.10
- CDS Hooks Endpoint 45.11
- FHIR Gateway Endpoint 45.12
- FHIR REST Endpoint (All Versions) 45.13
- FHIR REST Endpoint (DSTU2 - Deprecated) 45.14
- FHIR REST Endpoint (DSTU3 - Deprecated) 45.15
- FHIR REST Endpoint (R4 - Deprecated) 45.16
- FHIRWeb Console 45.17
- HL7 v2.x Listening Endpoint 45.18
- HL7 v2.x Listening Endpoint (Deprecated) 45.19
- HL7 v2.x Sending Endpoint 45.20
- Hybrid Providers Endpoint 45.21
- Package Registry Endpoint 45.22
- Subscription Websocket Endpoint 45.23
- ETL Importer 45.24
- MDM 45.25
- MDM UI 45.26
- Prior Auth CRD 45.27
- Prior Auth Support 45.28
- Narrative Generator 45.29
- FHIR Storage (DSTU2 RDBMS) 45.30
- FHIR Storage (R3 RDBMS) 45.31
- FHIR Storage (R4 RDBMS) 45.32
- FHIR Storage (R5 RDBMS) 45.33
- FHIR Storage (Mongo) 45.34
- Realtime Export 45.35
- LDAP Inbound Security 45.36
- Local Inbound Security 45.37
- SAML Inbound Security 45.38
- Scripted Inbound Security 45.39
- SMART Inbound Security 45.40
- SMART Outbound Security 45.41
- Subscription Matcher (All FHIR Versions) 45.42
- Subscription Matcher (DSTU2 - Deprecated) 45.43
- Subscription Matcher (DSTU3 - Deprecated) 45.44
- Subscription Matcher (R4 - Deprecated) 45.45
- appSphere 45.46
- Payer to Payer 45.47
- System to System Data Exchange 45.48
- Amazon HealthLake Outbound REST Connector 45.49
- License 45.50
- Camel 45.51
Configuration Categories
- Web Admin Console Settings 46.0
- appSphere 46.1
- Payer Config 46.2
- Initial appSphere Seeding 46.3
- Authentication Callback Scripts 46.4
- Auth: General for APIs 46.5
- User Authentication 46.6
- Auth: HTTP Basic 46.7
- Auth: OpenID Connect 46.8
- Browser Syntax Highlighting 46.9
- Camel 46.10
- Capability Statement (metadata) 46.11
- Care Gaps 46.12
- CDA Generation 46.13
- CDA Import 46.14
- CDA Interceptors 46.15
- CDA JavaScript Execution Scripts 46.16
- CDA Terminology 46.17
- CDS Hooks Definitions 46.18
- CDS Hooks On FHIR 46.19
- Channel Import 46.20
- Channel Retry 46.21
- Kafka 46.22
- Cluster Manager Maintenance 46.23
- Message Broker 46.24
- Cluster Level Security 46.25
- CQL 46.26
- Credentials 46.27
- Cross-Origin Resource Sharing (CORS) 46.28
- System to System Data Exchange 46.29
- Database 46.30
- Da Vinci Health Record Exchange 46.31
- DQM 46.32
- DTR 46.33
- EasyShare SMART Health Links 46.34
- Email Configuration 46.35
- Encounter Start CDS hook configuration 46.36
- MDM UI 46.37
- ETL Import: CSV Properties 46.38
- ETL Import: Source 46.39
- FHIR Binary Storage 46.40
- FHIR Bulk Operations 46.41
- Capability Statement 46.42
- FHIR Configuration 46.43
- Consent Service 46.44
- FHIR Endpoint Conversion 46.45
- FHIR Endpoint HFQL Support 46.46
- FHIR Endpoint Partitioning 46.47
- Resource Providers 46.48
- FHIR Endpoint Security 46.49
- Endpoint Terminology 46.50
- FHIR Gateway Cache 46.51
- FHIR Gateway Configuration 46.52
- FHIR Interceptors 46.53
- LiveBundle Service 46.54
- FHIR MDM Server 46.55
- FHIR Performance 46.56
- FHIR Performance Tracing 46.57
- FHIR Realtime Export 46.58
- Repository Validation 46.59
- FHIR Resource Types 46.60
- FHIR REST Endpoint 46.61
- FHIR Search 46.62
- Custom Resource Types 46.63
- IG Support 46.64
- MegaScale 46.65
- FHIR Storage Module Conditional Updates 46.66
- FHIR Storage Module Scheduled Tasks 46.67
- FHIR Validation Services 46.68
- FHIR Storage Package Registry 46.69
- FHIR Storage Partitioning 46.70
- Versioned References 46.71
- FHIR Subscription Delivery 46.72
- FHIR Subscription Persistence 46.73
- Amazon HealthLake REST Endpoint 46.74
- HL7 v2.x Mapper - Contained Resource 46.75
- HL7 v2.x Mapper - DG1 46.76
- HL7 v2.x Mapper - Forced Namespace Mode 46.77
- HL7 v2.x Mapper - General 46.78
- HL7 v2.x Mapper - Medications 46.79
- HL7 v2.x Mapper - OBR 46.80
- HL7 v2.x to FHIR Mapper - OBSERVATION Group 46.81
- HL7 v2.x Mapper - ORC 46.82
- HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group 46.83
- HL7 v2.x Mapper - PID 46.84
- HL7 v2.x Mapper - PV1 46.85
- Listener Interceptors 46.86
- HL7 v2.x Listener Script 46.87
- HL7 v2.x Listening Endpoint 46.88
- HL7 v2.x MLLP Listener 46.89
- HL7 v2.x MLLP Sender 46.90
- FHIR to HL7 v2.x Mapper Script 46.91
- HL7 v2.x Outbound Mapping 46.92
- HTTP Access Log 46.93
- HTTP Listener 46.94
- HTTP Request Pool 46.95
- HTTP Security 46.96
- Hybrid Providers Definitions 46.97
- IG Support 46.98
- Initial User Seeding 46.99
- JavaScript Execution Environment 46.100
- JSON Web KeySet (JWKS) 46.101
- LDAP Authentication 46.102
- Smile CDR License 46.103
- Lucene FullText Indexing 46.104
- MDM 46.105
- Narrative Generator 46.106
- OpenID Connect Token Validation 46.107
- OpenID Connect (OIDC) 46.108
- Order Sign CDS hook configuration 46.109
- Payer to Payer 46.110
- Prior Authorization Coverage Requirement Discovery 46.111
- Prior Authorization Support 46.112
- Privacy Security Notice 46.113
- Provenance Injection 46.114
- Quality Payment Program (QPP) 46.115
- Realtime Export 46.116
- Endpoint Validation: Request Validating 46.117
- Scheduler Configuration 46.118
- Search Parameter Seeding 46.119
- SAML Provider 46.120
- Security Inbound Script 46.121
- Inbound SMART on FHIR Authentication 46.122
- Inbound SMART on FHIR Endpoints 46.123
- OAuth2/OIDC Federation 46.124
- SMART Callback Script 46.125
- Cross-Organizational Data Access Profile 46.126
- SMART Login Skin 46.127
- SMART Login Terms of Service 46.128
- SMART Authorization 46.129
- SMART Definitions Seeding 46.130
- Sessions 46.131
- Two Factor Authentication 46.132
- TLS / SSL (Encryption) 46.133
- Transaction Log 46.134
- Trusted Client 46.135
- User Self Registration 46.136
Product Reference
Amazon HealthLake Outbound REST Connector
Appendix
SMART: Application Approval/Consent
16.12.1SMART: Application Approval / Consent
When using the SMART Outbound Security module to perform a SMART Application login, the user is typically presented with two screens during the authentication flow.
These screens are described below. The screenshots show these screens using their out-of-the-box configuration, but these screens can be skinned for complete customization.
- Step 1: Login Page
This page asks the user for credentials.
- Step 2: Approval Page
The second page is called the Approval Page, but is also sometimes referred to by implementers as the App Consent Page.
This page asks the user to confirm that they wish to sign in to the application, and requests confirmation of the OAuth2/SMART scopes being requested by the application.
16.12.2Approval Overview
16.12.3Auto-Approve / Auto-Grant Scopes
In the OIDC Client Definition, the Scopes property defines the scopes that an application is allowed to request. Any scopes that are requested by an application will be ignored unless they appear in this list.
By default, when an application requests a given scope, the user will be presented with a choice to approve or reject this scope. This step may or may not make sense depending on the application and its context of use. It is important to remember that requested scopes represent a request by the application to gain the ability to access or modify data on the user's behalf. They do not represent actions the user themself is allowed to perform (this concept is represented by Smile CDR permissions)
For example in the case of a Provider Application being deployed by a hospital to its clinicians, it may not make sense to require user approval for scopes since the data belongs to the organization supplying the application.
On the other hand, in the case of a Patient Application being provisioned for public consumption, explicit approval can be helpful in order to allow users to understand what data and actions are being requested by the application, and to allow these users to make informed choices about using the application.
If you wish to suppress the explicit approval of scopes, the following options can be used:
-
Auto-Approve Scope: If a scope is listed in the OIDC Client Definition as an auto-approve scope, it will be automatically granted (without explicit user approval) as long as the application requests it.
-
Auto-Grant Scope: If a scope is listed in the OIDC Client Definition as an auto-grant scope, it will be automatically granted (without explicit user approval) even if the application does not request it.
16.12.4Approval Flow
When a client requests authorization using an Interactive Flow, the user may or may not be presented with an approval page after they successfully enter their credentials.
The following diagram shows the scope approval steps:
16.12.5Customizing Scope Names
When using SMART on FHIR Applications, an important part of the security model involves allowing applications to request specific scopes.
If these scopes are configured in the OIDC Client Definition as auto-approve/auto-grant scopes, then the user will not be prompted for approval.
Smile CDR ships with default descriptions for SMART scopes, but you may wish to customize these in order to provide meaningful terms that make sense for the user population.
To customize a scope name, a property should be added to the cdr-messages.properties file with the following key: webadmin.view.security_out_smart.scope.[SCOPE].name (where [SCOPE] has been substituted for the actual scope text).
For example the following line in the localization file will rename the patient/*.read scope:
webadmin.view.security_out_smart.scope.patient/*.read.name=View Your Clinical Information
16.12.6Custom Security Scopes
The SMART on FHIR Scope framework provides a common mechanism for allowing applications to request data permissions in a standardized way. While this framework is quite powerful, it can not always express the detailed rules that may be required in order to meet specific project requirements, regulatory rules for a given jurisdiction, etc.
For example, an organization might wish to restrict access to a specific kind of laboratory test, allowing only specific apps to request this data and requiring users to explicitly approve this request.
A common approach for implementing this requirement is to define a custom scope and then require user approval for this scope. The Smile CDR Consent Service can then be used to apply detailed filtering based on the approved scopes.
16.12.6.1Example
For example, suppose you wished to suppress the release of SARS-nCov-2 results unless an application explicitly requests and is approved to access them.
In order to accomplish this, a new scope called observation_view_covid19 is created. The scope text should be chosen such that it does not conflict the names of existing SMART scopes, or of built-in OpenID Connect scopes (openid,
profile, email, etc). To define this scope:
-
Add the scope to the list of scopes in the OIDC Client Definition for the application. Note that custom scopes do not need to be pre-defined elsewhere (e.g. in the module configuration) in order to be used. If a scope is listed in the client defnition, it can be requested and approved.
-
Optionally, you may wish to add the scope as an Auto-Approve or Auto-Grant scope (see above).
-
If you are requiring explicit user approval for this scope, you should add a name for the scope to the localization file.
webadmin.view.security_out_smart.scope.observation_view_covid19.name=Access your COVID-19 Test Results
- A Consent Service script can now be created which permits or blocks access to these test results based on whether the scope is approved for a given user session. Refer to Example: Scope-Based Consent Script to see an example of how this script can be implemented.
The following screenshot shows an example of how the approval page will appear to an authenticating user, assuming the new custom scope has not been marked as Auto-Approve or Auto-Grant. Note of course that this page shows Smile CDR branding by default, but as with all pages in the SMART Outbound Security module, it can be completely skinned.
16.12.7Revocation Page
A user can revoke client access for a specific client (or all clients) that they have previously approved by navigating to '/session/management' on the Smart Auth Endpoint. On the default configuration this is http://www.example.com:9200/session/management.
After logging in, the user is presented with a list of applications with a "Revoke" button beside each. When the user clicks on the Revoke button for a specific application, all scope approvals are removed for that application. If the user needs to add those scopes back again in the future, they will need to go through the approval process again for that application.
A client will be shown as active (and therefore being eligible to be revoked) if any of the following holds true:
- The user has previously approved scopes for this client, and the client definition includes the Remember Approved Scopes setting.
- There is at least one Access Token that has been issued for the user for this client that is active and not yet expired.
- There is at least one Refresh Token that has been issued for the user for this client that is active and not yet expired.
Revoking the client will forget any previously remembered scope approvals, and deactivate any active Access and Refresh tokens for the client. It will also revoke any prior agreements to Terms of Service for the user.