This page describes various models that are available within different Smile CDR JavaScript callback functions. See individual module documentation for a description of how these objects are used.
This structure represents a link between a user in the auth database and a resource in the FHIR database. This can be used, for example, to specify that a particular user is a specific Patient in the CDR. That linkage can then be applied in order to make security/permission decisions.
| Name | Type | Description | |
| type | Enumeration |
The relationship between the user and the resource
Options:
|
|
| resourceId | String | The resource ID itself, e.g. 'Patient/123' |
Provides details about the context in which an authentication occurred. See onAuthenticateSuccess for information.
| Name | Type | Description | |
| nodeId | String | The node ID associated with the request | |
| moduleId | String | The module ID associated with the request | |
| startTime | Date (Instant) | The time at which the initial HTTP request was received | |
| remoteAddress | String | The IP address of the remote party to invoke the service | |
| remoteScheme | String |
The protocol used by the remote party to invoke the service (will generally be http or https)
|
|
| headers | Map<String,String> | The headers associated with the request |
This method represents a failed authentication attempt, and is returned by an authorization callback script.
| Name | Type | Description | |
| message | String | ||
| unknownUsername | Boolean | ||
| incorrectPassword | Boolean |
This object contains the credentials supplied by a client for authentication purposes
| Name | Type | Description | |
| username | String | The username | |
| password | String | The password | |
| remoteAddress | String | The IP address of the client | |
| headers | Map<String,String> | The HTTP headers associated with the request |
Contains attributes related to an OIDC client credentials grant request.
| Name | Type | Description | |
| jwtClaims | Map<String,Object> |
Contains context information passed into the ETL Import module mapping script
| Name | Type | Description | |
| userJobType | String | This field can contain an arbitrary token supplied by the client that initiated the job | |
| filename | String | This field can contain the filename of the specific file being imported |
| Name | Description | |
| getProcessingThreadNumber() |
Returns the processing thread number. This will be an integer between 0 and the maximum number of processing threads
Return Type: Int |
|
| lock(theKey) |
Attempt to obtain and lock an arbitrary named semaphore. This can be used to guarantee that two row processors do not attempt to operate on the same underlying resource at the same time by ensuring that one completes before another attempts to commit its own transaction.
Return Type: void Parameter theKey: theKey |
This structure represents an entry that captures a single entry in fhirContext, which can be either be a reference only (ex: "PractitionerRole/123") or a reference/role pair (ex: "List/123", "role": "https://example.org/med-list-at-home"). A reference is commonly to a FHIR resource and a role is an optional property with a URI identifying the role. The entire fhirContext is encoded in the access token and used by the relevant Smart application.
| Name | Type | Description | |
| reference | String | The reference to a resource, e.g. 'PractitionerRole/123' | |
| role | String | The role, e.g. 'https://example.org/med-list-at-home' |
Defines a response terminology mapping specification for a FHIR Endpoint module
| Name | Type | Description | |
| systems | Array<FhirEndpointTerminologyResponseMappingSpecSystem> |
{
"systems" : [ {
"sourceSystemUri" : "http://example.com/lab_codes",
"targetSystemUri" : "http://loinc.org"
}, {
"sourceSystemUri" : "http://example.com/anatomy",
"targetSystemUri" : "http://snomed.info"
} ]
}A code system entry for a FhirEndpointTerminologyResponseMappingSpec object
| Name | Type | Description | |
| sourceSystemUri | String | ||
| targetSystemUri | String |
This is the outer document element containing configuration for the Smile CDR FHIR Gateway module.
| Name | Type | Description | |
| targets | Array<GatewayTarget> | ||
| searchRoutes | Array<GatewaySearchRoute> | ||
| readRoutes | Array<GatewayReadRoute> | ||
| operationRoutes | Array<GatewayOperationRoute> | ||
| updateRoutes | Array<GatewayUpdateRoute> | ||
| createRoutes | Array<GatewayCreateRoute> | ||
| deleteRoutes | Array<GatewayDeleteRoute> | ||
| transactionRoutes | Array<GatewayTransactionRoute> |
{
"targets" : [ {
"id" : "target1",
"baseUrl" : "http://fhir1.example.com/api",
"resourceIdPrefix" : "TGT1-"
}, {
"id" : "target2",
"baseUrl" : "http://fhir2.example.com/api",
"resourceIdPrefix" : "TGT2-"
} ],
"searchRoutes" : [ {
"id" : "route1",
"resourceTypes" : [ "Observation", "Patient", "Encounter" ],
"targets" : [ {
"targetId" : "target1"
}, {
"targetId" : "target2"
} ],
"parallel" : true,
"disablePaging" : false
} ]
}Defines a Smile CDR FHIR Gateway route that services FHIR create operations.
| Name | Type | Description | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
Defines a Smile CDR FHIR Gateway route that services FHIR delete operations.
| Name | Type | Description | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
Defines FHIR Operation that can be called through the Smile CDR Gateway
| Name | Type | Description | |
| name | String | The name of the FHIR operation | |
| system | Boolean | This operation can be called at the system level | |
| type | Boolean | This operation can be called on a FHIR resource type | |
| instance | Boolean | This operation can be called on a FHIR resource instance |
Defines a Smile CDR FHIR Gateway route that services FHIR operations
| Name | Type | Description | |
| operations | Array<GatewayOperation> | The operations that this route applies to | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
Defines a Smile CDR FHIR Gateway route that services FHIR read and vread operations
| Name | Type | Description | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
Defines a target association for a Smile CDR FHIR Gateway route
| Name | Type | Description | |
| targetId | String | The ID of the target server |
Defines a Smile CDR FHIR Gateway route that services FHIR search operations
| Name | Type | Description | |
| disablePaging | Boolean | Responses for this route should not include paging links | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
Contains the definition for an individual Smile CDR FHIR Gateway target server
| Name | Type | Description | |
| id | String | An internal ID for the target server | |
| baseUrl | String | The base URL for the target server | |
| fixedEndpointUrl | String | If specified, will create a mapping between the baseUrl of the target, and this endpoint. When a bundle link is received that refers to this fixed endpoint, we will associate it to this target. | |
| httpBasicCredentials | String |
If specified, these credentials (in the form username:password) will be passed in all client requests to the target server
|
|
| connectTimeoutMillis | Int | Specifies a connection timeout (in millis) to use for communication with the target server. Default is 60000 | |
| socketTimeoutMillis | Int | Specifies a socket timeout (in millis) to use for communication with the target server. Default is 60000 | |
| clientInterceptorClasses | String | If specified, signals to FHIR Gateway to load a comma-delimited list of CLIENT_RESPONSE interceptor classes that will allow the user to overwrite the HTTP response | |
| resourceIdPrefix | String | If specified, provides a prefix that will be added to all resource IDs and local references for the target server before returning to the client | |
| useHttpPostForAllSearches | Boolean |
If set to true, FHIR search and paging operations against the target server will be performed using an HTTP POST instead of a GET. Default is false
|
|
| serverCapabilityStatementValidationEnabled | Boolean |
If set to false, FHIR Gateway will not validate the target server's CapabilityStatement with a request to /metadata. Default is true
|
|
| alternateValidationPath | String | An alternate validation path which can be used to validate the target server using a HTTP GET request. | |
| headersToForward | Array<String> | Any headers specified by name will be copied from the incoming client request and added to requests to the target server | |
| allowedToFail | Boolean |
If set to true, FHIR search operations against the target server that fail will not return an error to the client, unless all targets for a given request have failed. This flag does not apply to read routes. Default is false
|
|
| forcedEncoding | Enumeration |
If set, any requests containing a payload will have their payload re-encoded to the defined content-type before being forwarded to the target server
Options:
|
|
| retryStrategy | GatewayTargetRetryStrategy | If set, failed requests to this target will be retried using the specified retry configurations. |
{
"id" : "target1",
"baseUrl" : "http://localhost:8000",
"headersToForward" : [ "Sample-Header-1", "Sample-Header-2" ],
"allowedToFail" : true,
"retryStrategy" : {
"maxRetries" : 2,
"backoffStrategy" : "exponential",
"backoffInterval" : 100,
"errorRetryClasses" : [ "ca.uhn.fhir.rest.server.exceptions.MethodNotAllowedException" ]
}
}Contains configurations for the retry strategy for this target.
| Name | Type | Description | |
| maxRetries | Int | The number of times to retry on a failed request. | |
| backoffStrategy | Enumeration |
The backoff strategy to use for failed attempts.
Options:
|
|
| backoffInterval | Long | The backoff interval in milliseconds (defaulted to 1000ms). If an exponential backoff strategy is specified, this is the initial interval. | |
| errorRetryClasses | Array<String> | The underlying fully qualified (ie, ca.uhn.fhir.rest.server.exceptions.MethodNotAllowedException) error class names to retry on. |
Defines a Smile CDR FHIR Gateway route that services FHIR transaction operations.
| Name | Type | Description | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
Defines a Smile CDR FHIR Gateway route that services FHIR update operations.
| Name | Type | Description | |
| id | String | A unique ID for this route | |
| resourceTypes | Set<String> | The resource type (e.g. 'Patient') that this route applies to | |
| targets | Array<GatewayRouteTarget> | A list of gateway target server IDs that this route should direct operations to | |
| parallel | Boolean | If the search needs to invoke multiple target endpoints, should the calls be invoked in parallel (i.e. multi-threaded) |
A granted authority is a single user authority (permission) that has been granted to a user. This authority has a permission name, and optionally an argument.
| Name | Type | Description | |
| permission | Enumeration |
The name of the permission. See permissions for information on available permissions.
Options:
|
|
| argument | String | The argument for this authority. Note that some permissions do not take an argument while others require an argument. Consult the permission documentation for more information. |
Contains details about a converted/generated HL7 v2.x message
Contains a received HL7 v2.x Message
| Name | Type | Description | |
| received | Date (Instant) | The time at which this message was received | |
| rawMessage | HL7 v2.x Message | The actual HL7 message that was received | |
| controlId | String |
The message control ID (MSH-10)
|
|
| sendingPort | Int | The port on the remote system from which the message was sent | |
| sendingPort | String | The host IP of the remote system from which the message was sent | |
| transactionPid | Long | The PID assigned to this transaction by the transaction log |
Contains the result of an HL7 v2.x message runtime mapping or the conversion outcome of an HL7 v2.x message (into a FHIR payload)
| Name | Type | Description | |
| doNotProcess | Boolean | A flag to indicate whether or not a given message should be processed | |
| doNotAutoConvert | Boolean | A flag to indicate whether or not a given message should be passed through the Smile CDR built-in message translations. Set this to true in order to skip built-in message translation entirely. | |
| transactionBundles | Array<FHIR Resource> | An array of Bundle resources containing transactions to be submitted to the FHIR server |
| Name | Description | |
| addTransaction(theTransaction) |
Add a FHIR transaction to process
Return Type: void Parameter theTransaction: theTransaction |
|
| addMessage(thePath, theMessageLevel, theIssue) |
This method adds a message to the conversion result. Acceptable message levels are INFO, WARNING, and ERROR
Return Type: void Parameter thePath: thePath Parameter theMessageLevel: theMessageLevel Parameter theIssue: theIssue |
Represents a SMART launch context that has been assigned to a specific user session
| Name | Type | Description | |
| contextType | String | The launch context type, e.g. "patient" (note the lack of capitalization in SMART launch scope types) | |
| resourceId | String | The launch context resource ID, e.g. "123" (note that the resource type is not included in the ID) |
Represent launch context parameters to be added to a specific user session
| Name | Type | Description | |
| parameterName | String | The parameter name (need_patient_banner, smart_style_url) | |
| parameterValue | String | The parameter value |
This structure represents a link between a user in the auth database and a resource in the FHIR database. This can be used, for example, to specify that a particular user is a specific Patient in the CDR. That linkage can then be applied in order to make security/permission decisions.
| Name | Type | Description | |
| resourceType | String | The resource type, e.g. 'Patient' | |
| resourceId | String | The resource ID, e.g. '123' |
Request object for a MegaScale database credential request
| Name | Type | Description | |
| partitionId | Int | The numeric ID for the given partition | |
| partitionName | String | The name for the given partition |
Response object for a MegaScale database credential request
| Name | Type | Description | |
| databaseUrl | String | The JDBC database connection URL | |
| databaseUsername | String | The JDBC database connection username | |
| databasePassword | String | The JDBC database connection password | |
| databaseInitializationStatements | Array<String> | Any statements returned here will be issued to the database as raw SQL if the database is found to be empty, immediately after the Smile CDR database schema is initialized. |
Contains details about an OAuth2/OIDC request in progress
| Name | Type | Description | |
| clientId | String | Contains the authorizing client ID | |
| memberId | String | The member id obtained from the $member-match operation. | |
| consentResource | String | The consent resource obtained from the $member-match operation. |
| Name | Description | |
| addRequestParameter(theName, theValue) |
Add a request parameter to the generated access token
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| addAccessTokenClaim(theName, theValue) |
Add an additional claim to the generated access token.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getAudience() |
Retrieve the initial OAuth2 aud request parameter value
Return Type: String |
|
| setAudience(theAudience) |
Set the value from aud URL parameter from the initial OAuth2 authorization request
Return Type: void Parameter theAudience: theAudience |
|
| addTokenResponseValue(theName, theValue) |
Add an additional key/value pair to the response object for the token request. Unlike addAccessTokenClaim(...), this method does not add the claim to any generated tokens, but instead adds an additional key/value pair to the JSON object used as the Token Response for an Access Token Request. This applies both to interactive/launch flows such as Authorization Code and to non-interactive/system flows such as Client Credentials with JWT Credential.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getLaunch() |
Retrieve the value of the launch URL parameter from the initial OAuth2 authorization request
Return Type: String |
|
| setLaunch(theLaunch) |
Set the value from launch URL parameter from the initial OAuth2 authorization request
Return Type: void Parameter theLaunch: theLaunch |
|
| getRequestParameters() |
Retrieve all initial OAuth2 authorization request parameters
Return Type: Map<String,String> |
|
| getState() |
Retrieve the value of the state URL parameter from the initial OAuth2 authorization request
Return Type: String |
|
| setState(theState) |
Set the value from state URL parameter from the initial OAuth2 authorization request
Return Type: void Parameter theState: theState |
Represents an OpenID Connect client
| Name | Type | Description | |
| moduleId | String | The Module ID that this client is registered against | |
| nodeId | String | The Node ID that this client is registered against | |
| userData | Map<String,Object> | The user data for this session. | |
| pid | Long | The internal ID for this client. | |
| accessTokenValiditySeconds | Int | The number of seconds that an access token should be valid once it has been created. | |
| allowedGrantTypes | Set<Enumeration> |
The grant types that this client is permitted to perform. See Authorization Flows for a description of the possible flows.
Options:
|
|
| autoApproveScopes | Set<String> | Scopes listed here will be automatically approved if requested by the client during the initial authorization request, without requiring the user to explicitly accept them. | |
| autoGrantScopes | Set<String> | Scopes listed here will be automatically granted during every successful authorization by this client. These scopes do not have to be explicitly requested by the client during the initial authorization request. | |
| clientId | String |
The Client ID (corresponds to the iss field in many OAuth2 exchanges).
|
|
| clientName | String | A human friendly description/name for the client. | |
| clientSecrets | Array<OAuth2ClientSecret> | Optionally contains client secrets to be used by the client in some grant types. | |
| fixedScope | Boolean | Is this client fixed scope? When authorizing a fixed scope client, the list of scopes requested in the initial authorization request will be ignored, and the complete list of scopes in the Scope property will be assumed. If these scopes are not listed as Auto-Approve, the user will still be required to approve them. | |
| refreshTokenValiditySeconds | Int | The number of seconds that a refresh token will be valid for. | |
| registeredRedirectUris | Set<String> | The allowable redirect URIs that may be requested. | |
| scopes | Set<String> | A list of OAuth2 scopes that the client is allowed to request user approval for. | |
| secretRequired | Boolean | Is the client secret required in order to authenticate this client? | |
| secretClientCanChange | Boolean | Can the client change their own secret? | |
| enabled | Boolean | Is the client enabled? | |
| canIntrospectOwnTokens | Boolean | Can this client perform token introspection on tokens that it issued? | |
| canIntrospectAnyTokens | Boolean | Can this client perform token introspecton on any tokens issued by the security module it is registered against? | |
| alwaysRequireApproval | Boolean | Should the user approval page be displayed even if the client has not requested any scopes that require user approval? | |
| canReissueTokens | Boolean | Can the OAuth2 server reissue tokens that have been previously issued for this client, if the token request is the same (e.g. for the same user, requesting the same scopes, etc.) and the token is not close to expiry? | |
| permissions | Array<GrantedAuthority> | Any permission that should be granted directly to the client when it authenticates using the Client Credentials Grant. | |
| rememberApprovedScopes | Boolean | When a user performs an OAuth2 authentication/authorization flow for this client, should their approved scopes be remembered the next time they authenticate? | |
| attestationAccepted | Boolean | Has the client developer attested to the policy? | |
| publicJwks | String | The public JWKS Keystore for this client. Used when the client authenticated using a bearer token. | |
| jwksUrl | String | A public endpoint location of the JWK Set. If present, this will be used before any public JWKS on the client directly. | |
| archivedAt | Date (Instant) | The time at which this client was archived, if it has been. | |
| createdByAppSphere | Boolean |
| Name | Description | |
| addAuthority(thePermission, theArgument) |
Add an authority/permission with an argument to the given user
Return Type: void Parameter thePermission: thePermission Parameter theArgument: theArgument |
|
| addAuthority(thePermission) |
Add an authority/permission to the given user
Return Type: void Parameter thePermission: thePermission |
|
| addUserData(theExtraData) |
Add all entries to the user data. A null value will be ignored.
Return Type: void Parameter theExtraData: theExtraData |
|
| hasUserData(theName) |
Has user data for name been set?
Return Type: Boolean Parameter theName: theName |
|
| clearUserData(theName) |
Clear all user data.
Return Type: void Parameter theName: theName |
|
| setUserDataINN(theName, theValue) |
Sets a user supplied data value in the session if value is not null.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserString(theName) |
Get a user supplied data value as a string (converting if needed) or null if unset.
Return Type: String Parameter theName: theName |
|
| getUserInt(theName) |
Get a user supplied data value as a integer, converting null/unset to 0.
Return Type: Int Parameter theName: theName |
|
| setUserData(theName, theValue) |
Sets a user supplied data value in the session.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserData(theName) |
Get a user supplied data value.
Return Type: Object Parameter theName: theName |
A client secret for an OAuth2 client
| Name | Type | Description | |
| pid | Long | ||
| secret | String | ||
| description | String | ||
| expiration | Date (Instant) | ||
| activation | Date (Instant) |
A client session object contains details about an OIDC client's OAuth2 session (i.e. it was accessed via a bearer token that was granted by a SMART Auth server)
| Name | Type | Description | |
| moduleId | String | The Module ID that this client is registered against | |
| nodeId | String | The Node ID that this client is registered against | |
| userData | Map<String,Object> | The user data for this session. | |
| pid | Long | The internal ID for this client. | |
| accessTokenValiditySeconds | Int | The number of seconds that an access token should be valid once it has been created. | |
| allowedGrantTypes | Set<Enumeration> |
The grant types that this client is permitted to perform. See Authorization Flows for a description of the possible flows.
Options:
|
|
| autoApproveScopes | Set<String> | Scopes listed here will be automatically approved if requested by the client during the initial authorization request, without requiring the user to explicitly accept them. | |
| autoGrantScopes | Set<String> | Scopes listed here will be automatically granted during every successful authorization by this client. These scopes do not have to be explicitly requested by the client during the initial authorization request. | |
| clientId | String |
The Client ID (corresponds to the iss field in many OAuth2 exchanges).
|
|
| clientName | String | A human friendly description/name for the client. | |
| clientSecrets | Array<OAuth2ClientSecret> | Optionally contains client secrets to be used by the client in some grant types. | |
| fixedScope | Boolean | Is this client fixed scope? When authorizing a fixed scope client, the list of scopes requested in the initial authorization request will be ignored, and the complete list of scopes in the Scope property will be assumed. If these scopes are not listed as Auto-Approve, the user will still be required to approve them. | |
| refreshTokenValiditySeconds | Int | The number of seconds that a refresh token will be valid for. | |
| registeredRedirectUris | Set<String> | The allowable redirect URIs that may be requested. | |
| scopes | Set<String> | A list of OAuth2 scopes that the client is allowed to request user approval for. | |
| secretRequired | Boolean | Is the client secret required in order to authenticate this client? | |
| secretClientCanChange | Boolean | Can the client change their own secret? | |
| enabled | Boolean | Is the client enabled? | |
| canIntrospectOwnTokens | Boolean | Can this client perform token introspection on tokens that it issued? | |
| canIntrospectAnyTokens | Boolean | Can this client perform token introspecton on any tokens issued by the security module it is registered against? | |
| alwaysRequireApproval | Boolean | Should the user approval page be displayed even if the client has not requested any scopes that require user approval? | |
| canReissueTokens | Boolean | Can the OAuth2 server reissue tokens that have been previously issued for this client, if the token request is the same (e.g. for the same user, requesting the same scopes, etc.) and the token is not close to expiry? | |
| permissions | Array<GrantedAuthority> | Any permission that should be granted directly to the client when it authenticates using the Client Credentials Grant. | |
| rememberApprovedScopes | Boolean | When a user performs an OAuth2 authentication/authorization flow for this client, should their approved scopes be remembered the next time they authenticate? | |
| attestationAccepted | Boolean | Has the client developer attested to the policy? | |
| publicJwks | String | The public JWKS Keystore for this client. Used when the client authenticated using a bearer token. | |
| jwksUrl | String | A public endpoint location of the JWK Set. If present, this will be used before any public JWKS on the client directly. | |
| archivedAt | Date (Instant) | The time at which this client was archived, if it has been. | |
| createdByAppSphere | Boolean |
| Name | Description | |
| addAuthority(thePermission, theArgument) |
Add an authority/permission with an argument to the given user
Return Type: void Parameter thePermission: thePermission Parameter theArgument: theArgument |
|
| addAuthority(thePermission) |
Add an authority/permission to the given user
Return Type: void Parameter thePermission: thePermission |
|
| addUserData(theExtraData) |
Add all entries to the user data. A null value will be ignored.
Return Type: void Parameter theExtraData: theExtraData |
|
| hasUserData(theName) |
Has user data for name been set?
Return Type: Boolean Parameter theName: theName |
|
| clearUserData(theName) |
Clear all user data.
Return Type: void Parameter theName: theName |
|
| setUserDataINN(theName, theValue) |
Sets a user supplied data value in the session if value is not null.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserString(theName) |
Get a user supplied data value as a string (converting if needed) or null if unset.
Return Type: String Parameter theName: theName |
|
| getUserInt(theName) |
Get a user supplied data value as a integer, converting null/unset to 0.
Return Type: Int Parameter theName: theName |
|
| setUserData(theName, theValue) |
Sets a user supplied data value in the session.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserData(theName) |
Get a user supplied data value.
Return Type: Object Parameter theName: theName |
A collection of OAuth2 clients
| Name | Type | Description | |
| clients | Array<OAuth2Client> | ||
| pageIndex | Int | ||
| totalPages | Int |
{
"clients" : [ {
"clientId" : "my-client-id",
"clientName" : "Sample Client",
"enabled" : false,
"allowedGrantTypes" : [ "AUTHORIZATION_CODE", "REFRESH_TOKEN" ],
"alwaysRequireApproval" : false,
"attestationAccepted" : false,
"canIntrospectAnyTokens" : false,
"canIntrospectOwnTokens" : false,
"canReissueTokens" : false,
"clientSecrets" : [ {
"secret" : "THIS_IS_A_CLIENT_SECRET",
"expiration" : "2025-08-19T15:03:35.888-07:00",
"activation" : "2024-08-19T15:03:35.888-07:00"
} ],
"createdByAppSphere" : false,
"fixedScope" : false,
"registeredRedirectUris" : [ "http://example.com/app-redirect" ],
"rememberApprovedScopes" : false,
"scopes" : [ "openid", "patient/*.read", "profile" ],
"secretClientCanChange" : false,
"secretRequired" : true
} ],
"pageIndex" : 0,
"totalPages" : 0
}An OAuth2/OpenID Connect server definition
| Name | Type | Description | |
| pid | Long | The internal persistence ID for this provider. | |
| name | String | A user friendly name/description of this provider. | |
| issuer | String | The issuer URL. | |
| tokenIntrospectionClientId | String | The client ID to use when performing token introspection against this provider. | |
| tokenIntrospectionClientSecret | String | The client secret to use when performing token introspection against this provider. | |
| nodeId | String | The Node ID for the security module that this definition applies to. | |
| moduleId | String | The security Module ID that this definition applies to. | |
| validationJwkText | String | A JSON document containing the JWK Set containing the public key used to validate signed tokens issued by this server. This is not required for federated server definitions but is required otherwise. | |
| validationJwkFile | String | A local file path / classpath to use to supply the JWK Set containing the public key used to validate signed tokens issued by this server. This field applies only to non-federated providers. | |
| federationRegistrationId | String | A unique identifier for the federation between Smile CDR and the federated provider. If this is left blank, a unique value will be automatically created by Smile CDR. You may choose to use a more descriptive value however, as it will appear in URLs and log statements. Since this value will appear in URL paths, only letters and numbers should be used with no whitespace. | |
| federationRequestScopes | String | When requesting authorization against the federated provider, this setting controls which OAuth2 scopes will be requested. Note that the scopes requested by the security module from the federated provider are independent from the scopes requested by the SMART application that is authorizing against Smile CDR. In a typical flow, a SMART on FHIR application will request SMART scopes from Smile CDR, and Smile CDR will in turn request a different set of appropriate scopes from the federated provider. | |
| federationAuthorizationUrl | String | The URL to redirect the requesting user to in order to request user authentication/authorization with the federated provider. | |
| federationTokenUrl | String | The service URL used by the SMART Outbound Security module for code exchange when requesting a token from the federated provider. | |
| federationUserInfoUrl | String | The service URL used by the SMART Outbound Security module for requesting user details. | |
| federationJwkSetUrl | String | The URL from which to obtain the federated provider's token signing public key. | |
| federationAuthScriptText | String | When using Federated OAuth2/OIDC Login, a script is used to bridge between the user authorization details received from the federated provider and the requested authorization details in the originating SMART on FHIR application. This script is used to assign appropriate permissions and inject any other required details into the user session. It may obtain all required information by inspecting the access token details, or it may make additional service calls to fetch information. | |
| federationUserMappingScriptText | String | When using Federated OAuth2/OIDC Login, an optional script that is used to create Smile CDR user name from the federated login details. | |
| fhirEndpointUrl | String | The FHIR Endpoint URL associated to this OIDC Server. P2P specific-optional | |
| authWellKnownConfigUrl | String | The auth well-known configuration URL associated to this OIDC Server to retrieve fhir data. P2P specific-optional | |
| notes | String | Registration URL, etc. P2P specific-optional | |
| customTokenParams | String | Customized token parameters for this OIDC Server. P2P specific-optional | |
| responseType | String | The response type for the associated OIDC Server. P2P specific-optional | |
| organizationId | String | The identification code used to specify an organization or business. (i.e. Payer ID/A five digit standardized industry identify used by payers). P2P specific-optional | |
| audience | String | The audience parameter. Defines the intended consumer of the token. P2P specific-optional | |
| archivedAt | Date (Instant) | The time at which this module was archived, if it has been. |
A collection of OAuth2/OpenID Connect server definitions
| Name | Type | Description | |
| servers | Array<OAuth2Server> | ||
| pageIndex | Int | ||
| totalPages | Int |
{
"servers" : [ {
"issuer" : "http://idp.example.com",
"name" : "Acme Identity Provider Corp",
"tokenIntrospectionClientId" : "my-client-id",
"tokenIntrospectionClientSecret" : "THIS_IS_A_CLIENT_SECRET"
} ],
"pageIndex" : 0,
"totalPages" : 0
}A person to use as an option for context selection.
| Name | Type | Description | |
| familyName | String | ||
| givenName | String | ||
| birthDate | String | The birth date associated with this person. Note that element is treated as a freetext string, and any format is accepted. | |
| userData | Map<String,Object> | The user data for this person. | |
| id | String | A unique ID for the person entry. This property is set automatically and can not be changed. | |
| associatedPatientContextResourceId | String | ||
| associatedAuthorities | Array<GrantedAuthority> | ||
| autoGrantScopes | Set<String> | The auto granted scopes for this person | |
| requestedScopes | Set<String> | The requested scopes for this person |
| Name | Description | |
| addAutoGrantScopes(theScopes) |
Add auto-grant scopes that will be not be shown to the user. Supports multiple whitespace separated scopes.
Return Type: void Parameter theScopes: theScopes |
|
| addRequestedScopes(theScopes) |
Add scopes to the client request for approval by the user. Supports multiple whitespace separated scopes.
Return Type: void Parameter theScopes: theScopes |
|
| removeAutoGrantScopes(theScopes) |
Remove auto-grant scopes that will be not be shown to the user. Supports multiple whitespace separated scopes.
Return Type: void Parameter theScopes: theScopes |
|
| removeRequestedScopes(theScopes) |
Remove scopes to the client request for approval by the user. Supports multiple whitespace separated scopes.
Return Type: void Parameter theScopes: theScopes |
|
| addUserData(theExtraData) |
Add all entries to the user data. A null value will be ignored.
Return Type: void Parameter theExtraData: theExtraData |
|
| hasUserData(theName) |
Has user data for name been set?
Return Type: Boolean Parameter theName: theName |
|
| clearUserData(theName) |
Clear all user data.
Return Type: void Parameter theName: theName |
|
| setUserDataINN(theName, theValue) |
Sets a user supplied data value in the session if value is not null.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserString(theName) |
Get a user supplied data value as a string (converting if needed) or null if unset.
Return Type: String Parameter theName: theName |
|
| getUserInt(theName) |
Get a user supplied data value as a integer, converting null/unset to 0.
Return Type: Int Parameter theName: theName |
|
| setUserData(theName, theValue) |
Sets a user supplied data value in the session.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserData(theName) |
Get a user supplied data value.
Return Type: Object Parameter theName: theName |
|
| addAuthority(thePermission, theArgument) |
Add an authority/permission with an argument to the given user
Return Type: void Parameter thePermission: thePermission Parameter theArgument: theArgument |
|
| addAuthority(thePermission) |
Add an authority/permission to the given user
Return Type: void Parameter thePermission: thePermission |
This object represents a set of context choices that can be selected from by a user authorizing an app via the SMART Outbound Security module.
| Name | Type | Description | |
| persons | Array<OAuth2SmartContextSelectionChoicePerson> | persons | |
| customScopeDisplay | Map<String,String> | Custom Scope Display |
| Name | Description | |
| addPerson() |
Adds and returns a person object
Return Type: OAuth2SmartContextSelectionChoicePerson |
|
| haveChoices() |
Returns true if one or more persons has been added to this object
Return Type: Boolean |
|
| addDisplayTranslation(theScope, theDisplayText) |
Add custom display name for the scope
Return Type: void Parameter theScope: theScope Parameter theDisplayText: theDisplayText |
Response object when invalidating OpenID Connect tokens
| Name | Type | Description | |
| accessTokenCount | Int | The count of invalidated access tokens | |
| refreshTokenCount | Int | The count of invalidated refresh tokens |
Defines a set of instructions for package installation
| Name | Type | Description | |
| packageUrl | String | The direct package URL | |
| name | String | The NPM package Name | |
| version | String | The direct package version | |
| installMode | Enumeration |
Should resources from this package be extracted from the package and installed into the repository individually
Options:
|
|
| installResourceTypes | Array<String> | If resources are being installed individually, this is list provides the resource types to install. By default, all conformance resources will be installed. | |
| fetchDependencies | Boolean | Should dependencies be automatically resolved, fetched and installed with the same settings | |
| reloadExisting | Boolean | Should existing resources be reloaded. Defaults to true, but can be set to false to avoid re-index operations for existing search parameters |
{
"name" : "hl7.fhir.us.core",
"version" : "3.1.0",
"installMode" : "STORE_ONLY",
"reloadExisting" : true,
"fetchDependencies" : true
}{
"name" : "com.example.my-resources",
"version" : "1.0",
"packageUrl" : "classpath:/my-resources.tgz",
"installMode" : "STORE_AND_INSTALL",
"installResourceTypes" : [ "Organization", "Medication", "PlanDefinition", "SearchParameter" ],
"reloadExisting" : true,
"fetchDependencies" : false
}A partition definition
| Name | Type | Description | |
| id | Int | ||
| name | String | ||
| description | String |
A collections of partition definitions
| Name | Type | Description | |
| partitions | Array<PartitionDefinition> |
{
"partitions" : [ {
"id" : 1,
"name" : "Partition-A",
"description" : "The first partition"
}, {
"id" : 2,
"name" : "Partition-B",
"description" : "The second partition"
} ]
}This object contains details about a FHIR request at runtime
| Name | Type | Description | |
| approvedScopes | Set<String> | ||
| tenantId | String | ||
| compartmentName | String | ||
| completeUrl | String | ||
| fhirServerBase | String | ||
| id | String | ||
| operation | String | ||
| requestPath | String | ||
| requestType | Enumeration |
Options:
|
|
| resourceName | String | ||
| respondGzip | Boolean | ||
| restOperationType | Enumeration |
Options:
|
|
| secondaryOperation | String | ||
| subRequest | Boolean |
| Name | Description | |
| getParameters(theParameterName) |
Returns an array of URL values for the given parameter
Return Type: Array<String> Parameter theParameterName: theParameterName |
|
| getHeader(theHeaderName) |
Returns an array of HTTP header values for the given key
Return Type: Array<String> Parameter theHeaderName: theHeaderName |
This object is used by authorization scripts to create success or failure objects to be returned by the script function.
| Name | Description | |
| newSuccess() |
This method creates a successful response that can be populated by the script, and then returned by the function.
Return Type: UserSessionDetails |
|
| newFailure() |
This method creates a failure response that can be populated by the script, and then returned by the function.
Return Type: AuthenticationFailure |
This object is passed to consent services scripts to provide context services
| Name | Description | |
| proceed() |
Advise the consent service that this operation should proceed (i.e. the operation will not be rejected, and the consent service will continue to evaluate)
Return Type: void |
|
| reject() |
Advise the consent service that this operation should be rejected
Return Type: void |
|
| authorized() |
Advise the consent service that this operation should be authorized (i.e. no further checking should occur)
Return Type: void |
Provides details and functions around the context of an authentication using the LDAP Inbound Security module. Objects of this type inherit all properties of their ancestor type AuthenticationContext.
| Name | Type | Description | |
| nodeId | String | The node ID associated with the request | |
| moduleId | String | The module ID associated with the request | |
| startTime | Date (Instant) | The time at which the initial HTTP request was received | |
| remoteAddress | String | The IP address of the remote party to invoke the service | |
| remoteScheme | String |
The protocol used by the remote party to invoke the service (will generally be http or https)
|
|
| headers | Map<String,String> | The headers associated with the request |
| Name | Description | |
| getStringAttributes(theAttributeName) |
Fetch string attribute values for the given attribute name in LDAP for the authenticated user
Return Type: Array<String> Parameter theAttributeName: theAttributeName |
|
| isMemberOfGroup(theGroupDn, theMemberAttribute) |
Return true if the authenticated user is in the given group
Return Type: Boolean Parameter theGroupDn: theGroupDn Parameter theMemberAttribute: theMemberAttribute |
|
| isMemberOfGroup(theGroupDn) |
Return true if the authenticated user is in the given group using member as membership attribute
Return Type: Boolean Parameter theGroupDn: theGroupDn |
|
| isMemberOfGroup(theGroupDn, theMemberAttribute, theSearchBaseDn) |
Return true if the authenticated user is in the given group. LDAP static groups with class:groupOfNames use member to enumerate members. This is the default value for theMemberAttribute.But if the group is defined differently (e.g. groupOfUniqueNames uses uniqueMember), pass that attribute name as theMemberAttribute.Use theSearchBaseDn to (optionally) scope the search for groups.
Return Type: Boolean Parameter theGroupDn: theGroupDn Parameter theMemberAttribute: theMemberAttribute Parameter theSearchBaseDn: theSearchBaseDn |
|
| queryStringAttributes(theAttributeName) |
Query string attribute values for the given attribute name in LDAP for the authenticated user.Useful for fetching dynamic attributes not loaded during the authentication bind.
Return Type: Array<String> Parameter theAttributeName: theAttributeName |
Provides the context for the onAuthenticateSuccess callback method on the SMART Inbound Security module. Objects of this type inherit all properties of their ancestor type AuthenticationContext.
| Name | Type | Description | |
| nodeId | String | The node ID associated with the request | |
| moduleId | String | The module ID associated with the request | |
| startTime | Date (Instant) | The time at which the initial HTTP request was received | |
| remoteAddress | String | The IP address of the remote party to invoke the service | |
| remoteScheme | String |
The protocol used by the remote party to invoke the service (will generally be http or https)
|
|
| headers | Map<String,String> | The headers associated with the request |
| Name | Description | |
| getClaim(theName) |
This function gets any claim in the claims map, returning the JSON value found there. If no claim exists with the given name, null is returned.
Return Type: Object Parameter theName: theName |
|
| getStringClaim(theName) |
This function returns the claim contained within the encoded ID token JWT. The claim value is expected to be a string.
Return Type: String Parameter theName: theName |
|
| getClaims() |
This function gets all claims from the token as a claims map.
Return Type: Map<String,Object> |
|
| getApprovedScopes() |
This function returns an array of the approved scopes
Return Type: Set<String> |
|
| getStringArrayClaim(theName) |
This function returns the claim contained within the encoded ID token JWT. The claim value is expected to be an array of strings.
Return Type: Array<String> Parameter theName: theName |
|
| hasApprovedScope(theScope) |
This function returns true if the session has been approved for the given OAuth2 scope
Return Type: Boolean Parameter theScope: theScope |
This object is passed to the SMART Cross-Organization Data Access Profile authorization callback script
| Name | Type | Description | |
| requestingPractitioner | FHIR Resource | ||
| requestedRecord | FHIR Resource | ||
| reasonForRequest | String | ||
| clientId | String | ||
| scope | Set<String> | ||
| rawAuthorizationToken | String | ||
| rawAuthenticationToken | String |
This class represents a completed SMART Authorization. It contains details about the authorization, what was granted, who it was granted to, etc.
| Name | Type | Description | |
| grantType | String | ||
| accessToken | String | ||
| grantedScopes | Set<String> | ||
| expiration | Date (Instant) | ||
| requestingPractitioner | FHIR Resource | ||
| requestedRecord | FHIR Resource | ||
| refreshToken | String |
This object is used as an argument to the onSmartScopeAuthorityNarrowing(...) function, which is invoked after SMART scopes have been applied to narrow a user/client's session permissions.
| Name | Description | |
| hasScope(theScope) |
Checks whether the given scope has been authorized for the current session, either because it was requested and approved, or because it was automatically granted.
Return Type: Boolean Parameter theScope: theScope |
|
| hasOutputAuthority(thePermissionName, theArgument) |
Tests whether an authority was present on the session after any scope-based narrowing.
Return Type: Boolean Parameter thePermissionName: thePermissionName Parameter theArgument: theArgument |
|
| hasOutputAuthority(thePermissionName) |
Tests whether an authority was present on the session after any scope-based narrowing.
Return Type: Boolean Parameter thePermissionName: thePermissionName |
|
| addOutputAuthority(thePermissionName) |
Adds a new authority to the collection of authorities that will ultimately be approved for the session.
Return Type: void Parameter thePermissionName: thePermissionName |
|
| addOutputAuthority(thePermissionName, theArgument) |
Adds a new authority to the collection of authorities that will ultimately be approved for the session.
Return Type: void Parameter thePermissionName: thePermissionName Parameter theArgument: theArgument |
|
| removeOutputAuthority(thePermissionName, theArgument) |
Removes an authority to the collection of authorities that will ultimately be approved for the session.
Return Type: void Parameter thePermissionName: thePermissionName Parameter theArgument: theArgument |
|
| removeOutputAuthority(thePermissionName) |
Removes an authority to the collection of authorities that will ultimately be approved for the session.
Return Type: void Parameter thePermissionName: thePermissionName |
|
| hasInputAuthority(thePermissionName, theArgument) |
Tests whether an authority was present on the session prior to any scope-based narrowing.
Return Type: Boolean Parameter thePermissionName: thePermissionName Parameter theArgument: theArgument |
|
| hasInputAuthority(thePermissionName) |
Tests whether an authority was present on the session prior to any scope-based narrowing.
Return Type: Boolean Parameter thePermissionName: thePermissionName |
A user definition
| Name | Type | Description | |
| accountDisabled | Boolean | ||
| notes | String | ||
| String | |||
| accountExpiry | Date (Instant) | ||
| accountLocked | Boolean | ||
| failedLoginAttempts | Int | ||
| authorities | Array<GrantedAuthority> | ||
| associatedResources | Array<AssociatedResource> | A collection of "associated resource" IDs. Associated resources are FHIR resources with some connection to the given user, such as a Patient or Practitioner resource representing the actual user. | |
| credentialExpiry | Date (Instant) | ||
| familyName | String | ||
| givenName | String | ||
| lastActive | Date (Instant) | The date at which the user account was last used. Note that this property is read-only, and is only updated once per day, so it is accurate only to the date. | |
| lastConnected | Date (Instant) | The date at which the user last logged in. This property is read-only and is accurate to the minute. | |
| moduleId | String | The module ID associated with this user account. This is the module ID associated with the Inbound Security module that is responsible for authenticating this user. | |
| nodeId | String | The node ID associated with this user. This is the master node ID associated with the Inbound Security module that is responsible for authenticating this user. | |
| password | String | The user password (note that this property will not be populated when sessions are made available to user code) | |
| pid | Long | The PID (internal ID) for this user | |
| username | String | The username for this user | |
| usernameNamespace | String | The username namespace associated with this user | |
| systemUser | Boolean | If this is set, the user cannot be renamed or deleted (this property may only be set by the system) | |
| external | Boolean | If this value is set, the user is backed by an external user directory (this property may only be set by the system) | |
| defaultLaunchContexts | Array<LaunchContext> | The SMART launch contexts associated with this account | |
| serviceAccount | Boolean | ||
| twoFactorAuthStatus | Enumeration |
Options:
|
| Name | Description | |
| hasAuthority(thePermission) |
Does the user have the given permission?
Return Type: Boolean Parameter thePermission: thePermission |
|
| getOrCreateDefaultLaunchContext(theContextType, theIndex) |
Returns the first default launch context for the given type, creating one if none exists
Return Type: LaunchContext Parameter theContextType: theContextType Parameter theIndex: theIndex |
|
| getOrCreateDefaultLaunchContext(theContextType) |
Returns the first default launch context for the given type, creating one if none exists
Return Type: LaunchContext Parameter theContextType: theContextType |
|
| addAuthority(thePermission, theArgument) |
Add an authority/permission with an argument to the given user
Return Type: void Parameter thePermission: thePermission Parameter theArgument: theArgument |
|
| addAuthority(thePermission) |
Add an authority/permission to the given user
Return Type: void Parameter thePermission: thePermission |
Input type for a user update to the launch context(s) associated with their account.
| Name | Type | Description | |
| contexts | Array<LaunchContext> |
{
"contexts" : [ {
"contextType" : "patient",
"resourceId" : "Patient/123"
} ]
}A collection of users
| Name | Type | Description | |
| users | Array<UserDetails> |
Contains the list of clients for which a user has current OAuth2 sessions (access and refresh tokens) or remembered scopes.
| Name | Type | Description | |
| clients | Array<UserDetailsOAuth2ClientApprovals> |
Contains the details of an individual client for which a user has approved scopes and/or active tokens.
| Name | Type | Description | |
| clientNodeId | String | ||
| clientModuleId | String | ||
| clientId | String | ||
| clientName | String | ||
| approvedScopes | Array<UserDetailsOAuth2ClientApprovalsApprovedScope> |
Contains the details of an approved scope for a given user and client.
| Name | Type | Description | |
| scope | String | ||
| description | String |
A user session details object contains details about a logged in user and a specific session they have established with the authorization server.
| Name | Type | Description | |
| launchContextParameters | Array<LaunchContextParameter> | Specifies the parameters that will be returned to the user as launch context if the SMART authorization flow requests a launch context | |
| launchResourceIds | Array<LaunchResourceId> | Specifies the IDs that will be returned to the user as launch context if the SMART authorization flow requests a launch context | |
| fhirContext | Array<FhirContextEntry> | Specifies the components of the fhirContext, including a reference or a reference/role pair. | |
| approvedScopes | Set<String> | If the session is an OAuth2 session (i.e. it is accessed via a bearer token that was granted by a SMART Auth server) this field will be populated with the set of scopes that were approved for the client | |
| oidcClientId | String | If the session is an OAuth2 session (i.e. it is accessed via a bearer token that was granted by a SMART Auth server) this field will be populated with the id of the client. | |
| oidcClientNodeId | String | The node ID associated with OIDC client of this user. | |
| oidcClientModuleId | String | The module ID associated with the OIDC client of this user account. | |
| userData | Map<String,Object> | The user data for this session. | |
| fhirUserUrl | String |
Specifies the FHIR Resource URL associated with this user session. This value will be used to provide the fhirUser claim in returned ID Tokens, and is not used for other purposes.
|
|
| accountDisabled | Boolean | ||
| notes | String | ||
| String | |||
| accountExpiry | Date (Instant) | ||
| accountLocked | Boolean | ||
| failedLoginAttempts | Int | ||
| authorities | Array<GrantedAuthority> | ||
| associatedResources | Array<AssociatedResource> | A collection of "associated resource" IDs. Associated resources are FHIR resources with some connection to the given user, such as a Patient or Practitioner resource representing the actual user. | |
| credentialExpiry | Date (Instant) | ||
| familyName | String | ||
| givenName | String | ||
| lastActive | Date (Instant) | The date at which the user account was last used. Note that this property is read-only, and is only updated once per day, so it is accurate only to the date. | |
| lastConnected | Date (Instant) | The date at which the user last logged in. This property is read-only and is accurate to the minute. | |
| moduleId | String | The module ID associated with this user account. This is the module ID associated with the Inbound Security module that is responsible for authenticating this user. | |
| nodeId | String | The node ID associated with this user. This is the master node ID associated with the Inbound Security module that is responsible for authenticating this user. | |
| password | String | The user password (note that this property will not be populated when sessions are made available to user code) | |
| pid | Long | The PID (internal ID) for this user | |
| username | String | The username for this user | |
| usernameNamespace | String | The username namespace associated with this user | |
| systemUser | Boolean | If this is set, the user cannot be renamed or deleted (this property may only be set by the system) | |
| external | Boolean | If this value is set, the user is backed by an external user directory (this property may only be set by the system) | |
| defaultLaunchContexts | Array<LaunchContext> | The SMART launch contexts associated with this account | |
| serviceAccount | Boolean | ||
| twoFactorAuthStatus | Enumeration |
Options:
|
| Name | Description | |
| getFhirContext() |
Provides the fhirContext entries with this session
Return Type: Array<FhirContextEntry> |
|
| getLaunchResourceIds() |
Provides the launch context resource IDs associated with this session
Return Type: Array<LaunchResourceId> |
|
| getLaunchContextParameters() |
Provides the launch context parameters associated with this session
Return Type: Array<LaunchContextParameter> |
|
| getLaunchResourceIdsForResourceType(theResourceType) |
Provides the launch context resource IDs associated with this session for a given resource type, returning an array of LaunchResourceId objects.
Return Type: Array<LaunchResourceId> Parameter theResourceType: theResourceType |
|
| addLaunchResourceId(theResourceType, theResourceId) |
Adds a launch context resource id
Return Type: void Parameter theResourceType: theResourceType Parameter theResourceId: theResourceId |
|
| addUserData(theKey, theValue) |
Add user data to the session. Custom user data can be added for use within the system or in interceptors.
Return Type: void Parameter theKey: theKey Parameter theValue: theValue |
|
| addApprovedScope(theScope) |
Add an approved scope to the session
Return Type: void Parameter theScope: theScope |
|
| removeApprovedScope(theScope) |
Remove an approved scope to the session. This method has no effect if the given scope is not in the existing approved scope list.
Return Type: void Parameter theScope: theScope |
|
| addFhirContextReference(theReference) |
Adds a Smart fhirContext entry containing only the reference
Return Type: void Parameter theReference: theReference |
|
| addFhirContextReference(theReference, theRole) |
Adds a Smart fhirContext entry containing the reference and role
Return Type: void Parameter theReference: theReference Parameter theRole: theRole |
|
| getLaunchResourceIdForResourceType(theResourceType) |
Provides a single launch context resource ID associated with this session for a given resource type, returning the resource ID (e.g. 123) or null if none are found.
Return Type: String Parameter theResourceType: theResourceType |
|
| addLaunchContextParameter(theParameterName, theParameterValue) |
Adds a launch context parameter name/value pair
Return Type: void Parameter theParameterName: theParameterName Parameter theParameterValue: theParameterValue |
|
| hasAuthority(thePermission) |
Does the user have the given permission?
Return Type: Boolean Parameter thePermission: thePermission |
|
| getOrCreateDefaultLaunchContext(theContextType, theIndex) |
Returns the first default launch context for the given type, creating one if none exists
Return Type: LaunchContext Parameter theContextType: theContextType Parameter theIndex: theIndex |
|
| getOrCreateDefaultLaunchContext(theContextType) |
Returns the first default launch context for the given type, creating one if none exists
Return Type: LaunchContext Parameter theContextType: theContextType |
|
| addAuthority(thePermission, theArgument) |
Add an authority/permission with an argument to the given user
Return Type: void Parameter thePermission: thePermission Parameter theArgument: theArgument |
|
| addAuthority(thePermission) |
Add an authority/permission to the given user
Return Type: void Parameter thePermission: thePermission |
|
| addUserData(theExtraData) |
Add all entries to the user data. A null value will be ignored.
Return Type: void Parameter theExtraData: theExtraData |
|
| hasUserData(theName) |
Has user data for name been set?
Return Type: Boolean Parameter theName: theName |
|
| clearUserData(theName) |
Clear all user data.
Return Type: void Parameter theName: theName |
|
| setUserDataINN(theName, theValue) |
Sets a user supplied data value in the session if value is not null.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserString(theName) |
Get a user supplied data value as a string (converting if needed) or null if unset.
Return Type: String Parameter theName: theName |
|
| getUserInt(theName) |
Get a user supplied data value as a integer, converting null/unset to 0.
Return Type: Int Parameter theName: theName |
|
| setUserData(theName, theValue) |
Sets a user supplied data value in the session.
Return Type: void Parameter theName: theName Parameter theValue: theValue |
|
| getUserData(theName) |
Get a user supplied data value.
Return Type: Object Parameter theName: theName |