17.3.1 Client Creation and Configuration

An additional OIDC client is required so that the appSphere functions correctly. Client creation and configuration can be done as follows:

  • Log in to the Smile CDR Web Admin Console (the administration UI for configuring the system)
  • Enter username and password
  • On the landing page, select “Config” from the header's navigation menu
  • Under “Config” select “OpenID Connect Clients” from the dropdown list

[Figure: OIDC Clients]

  • In the “OpenID Connect Clients” page, select “Create Client” to create authorized OpenID Connect Clients

The following page allows OAuth2 Properties, SMART Scopes and Client Permissions to be set by entering required details or via the toggle switch. Ensure the following are assigned for the respective configurable sections.

OAuth2 Properties

  • Ensure that the ClientID mentioned matches that set in the appSphere module
  • In the Authorized Grant Types field, toggle to “Yes” for Authorization Code and select from the other grant types that need to be enabled
  • In the Authorized Redirect URLs field, include links to the console and portal. NOTE: including the trailing / at the end of each URL is important.
  • For example:
    https://try.smilecdr.com/app-gallery/portal/
    https://try.smilecdr.com/app-gallery/console/

** IMPORTANT NOTE **

Ensure that the name entered for the Context Path field while configuring the appSphere module (see Getting Started) is correctly reflected in the Authorized Redirect URLs (for console and portal).

[Figure: Create OIDC Client]

SMART Scopes

  • In the Scopes field, enter the scopes (whitespace separated) that are permitted to be requested (e.g., online_access openid profile). Refer to the Supported Scopes documentation.
  • In the Auto-Approve Scopes field, enter the scopes to be auto-approved so that the user does not need to manually approve them (e.g., cdr_all_user_authorities online_access openid profile).
  • In the Auto-Grant Scopes field, enter the scopes to be granted after client authorization without the need for user approval (e.g., cdr_all_user_authorities).

WARNING: Whether you use the EHR launch feature or not, the fields 'Scopes' and 'Auto-Approve Scopes' need to be added to launch/practitioner scopes and auto-approve scopes of the appSphere OIDC client; otherwise appSphere will break, causing an error when logging in.

[Figure: SMART Scopes]

Client Permissions

Toggle to “Yes” for the following permissions:

  • ACCESS_ADMIN_JSON
  • OPENID_CONNECT_ADD_CLIENT
  • OPENID_CONNECT_EDIT_CLIENT
  • OPENID_CONNECT_VIEW_CLIENT_LIST

[Figure: OIDC Client Permissions]

Under “Client Permissions”, each ID can be selected to get more information about a given role or permission.

After the required configurations have been set, click “Create” at the top of the page to be redirected to the “OpenID Connect Clients” page. In the “OpenID Connect Clients” page, a confirmation message will be displayed for the client created.

In the "Clients" table, the newly added client will be listed with the option to select “Edit” to make changes to the previously set OAuth2 Properties, SMART Scopes, and Client Permissions.

[Figure: OIDC Clients Table]
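
The settings above can be checked before they are typed into the console. The following is an added example, not part of the Smile CDR documentation or product: the dictionary layout, its key names and the sample client ID are hypothetical, and it assumes the context path is the first segment of each redirect URL path.

```python
from urllib.parse import urlsplit

# Permissions the page says to toggle to "Yes".
REQUIRED_PERMISSIONS = {
    "ACCESS_ADMIN_JSON", "OPENID_CONNECT_ADD_CLIENT",
    "OPENID_CONNECT_EDIT_CLIENT", "OPENID_CONNECT_VIEW_CLIENT_LIST",
}


def check_client(client, module_client_id, context_path):
    """Return a list of problems in a planned appSphere OIDC client."""
    # `client` is a hypothetical dict mirroring the form fields on the page;
    # it is not Smile CDR's own export or API format.
    problems = []
    prefix = "/" + context_path.strip("/") + "/"
    if client["client_id"] != module_client_id:
        problems.append("ClientID does not match the appSphere module")
    if "authorization_code" not in client["grant_types"]:
        problems.append("Authorization Code grant is not enabled")
    urls = client["redirect_urls"]
    for url in urls:
        path = urlsplit(url).path
        if not path.endswith("/"):
            problems.append(f"redirect URL lacks trailing slash: {url}")
        if not path.startswith(prefix):
            problems.append(f"redirect URL not under context path: {url}")
    for app in ("portal", "console"):
        if not any(urlsplit(u).path.rstrip("/").endswith("/" + app) for u in urls):
            problems.append(f"no redirect URL for the {app}")
    missing = REQUIRED_PERMISSIONS - set(client["permissions"])
    if missing:
        problems.append("missing permissions: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample: the portal URL lacks its trailing slash and one
# permission has been left off.
SAMPLE = {
    "client_id": "app-gallery-client",  # placeholder value
    "grant_types": ["authorization_code", "refresh_token"],
    "redirect_urls": [
        "https://try.smilecdr.com/app-gallery/portal",
        "https://try.smilecdr.com/app-gallery/console/",
    ],
    "permissions": sorted(REQUIRED_PERMISSIONS - {"ACCESS_ADMIN_JSON"}),
}

if __name__ == "__main__":
    for problem in check_client(SAMPLE, "app-gallery-client", "app-gallery"):
        print("FAIL:", problem)
```

An empty list means the planned values agree with every requirement listed in the OAuth2 Properties and Client Permissions sections.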