OpenID Connect Clients Endpoint
The OpenID Connect Clients Endpoint can be used to create, read, and update client definitions that are stored in Smile CDR.
This method will fetch all clients stored in the system.
Request:
GET http://localhost:9000/openid-connect-clients/
You may also add the following URL parameters:
pageIndex=[index] – The index of the page to return to the user (0 is the first page). Default value is 0.pageSize=[size] – The size of the page to return to the user (e.g. 100). Default value is 100.clientStatusFilter=['ENABLED', 'DISABLED', or 'ENABLED_AND_DISABLED'] – The status of clients to return to the user. Default value is ENABLED.Response:
This operation returns a JSON document object of type OAuth2Clients. This object will then contain individual definitions of the type OAuth2Client.
Note that client secrets are redacted in response objects (and the secret itself is only persisted as a hash, so it could not be returned anyhow).
Example:
{
"clients": [
{
"pid": 3846,
"nodeId": "Master",
"moduleId": "smart_auth",
"clientId": "client-id",
"clientName": "Client Name",
"enabled": true,
"accessTokenValiditySeconds": 3600,
"allowedGrantTypes": [
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"alwaysRequireApproval": false,
"canIntrospectAnyTokens": false,
"canIntrospectOwnTokens": false,
"canReissueTokens": false,
"clientSecrets": [
{
"pid": 1,
"secret": "***",
"description": "t***",
"activation": "2020-04-27T19:55:11.425-04:00"
}
],
"fixedScope": false,
"refreshTokenValiditySeconds": 86400,
"registeredRedirectUris": [
"http://redirect.url"
],
"rememberApprovedScopes": false,
"scopes": [
"patient/*.read"
],
"secretClientCanChange": false,
"secretRequired": false
}
],
"pageIndex": 0,
"totalPages": 1
}
This method will fetch a single client stored in the system.
Request:
GET http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/[client_id]
Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition. The client_id is the ID found within the definition.
Response:
This operation returns a JSON document object of type OAuth2Client.
Note that client secrets are not included in response objects.
This method will create a new client definition.
Request:
POST http://localhost:9000/openid-connect-clients/[node_id]/[module_id]
Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.
Example:
{
"moduleId": "smart_auth",
"nodeId": "Master",
"clientId": "some-client",
"clientName": "Some Client",
"accessTokenValiditySeconds": 3600,
"allowedGrantTypes": [
"AUTHORIZATION_CODE"
],
"canIntrospectAnyTokens": true,
"canIntrospectOwnTokens": true,
"canReissueTokens": true,
"clientSecrets": [
{
"activation": "2018-11-22T01:14:26.876Z",
"expiration": "2028-11-22T01:14:26.876Z",
"secret": "THIS-IS-A-SECRET-123"
}
],
"fixedScope": true,
"registeredRedirectUris": [
"https://example.com/oauth/callback"
],
"scopes": [
"patient/*.read",
"patient/*.write"
],
"secretRequired": true
}
Response:
This operation returns a JSON document object of type OAuth2Client. This document contains the same definition that was supplied in the client request.
Note that client secrets are not included in response objects.
This method update an existing client definition.
Request:
PUT http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/[client_id]
Note that the node_id and module_id refer to the master node and module IDs for the SMART Outbound Security module that contains the client definition.
Example:
{
"moduleId": "smart_auth",
"nodeId": "Master",
"clientId": "some-client",
"clientName": "Some Client",
"accessTokenValiditySeconds": 3600,
"allowedGrantTypes": [
"AUTHORIZATION_CODE"
],
"canIntrospectAnyTokens": true,
"canIntrospectOwnTokens": true,
"canReissueTokens": true,
"clientSecrets": [
{
"activation": "2018-11-22T01:14:26.876Z",
"expiration": "2028-11-22T01:14:26.876Z",
"secret": "THIS-IS-A-SECRET-123"
}
],
"fixedScope": true,
"registeredRedirectUris": [
"https://example.com/oauth/callback"
],
"scopes": [
"patient/*.read",
"patient/*.write"
],
"secretRequired": true
}
Response:
This operation returns a JSON document object of type OAuth2Client. This document contains the same definition that was supplied in the client request.
Note that client secrets are not included in response objects.
This method will create a new client definition and will generate secrets.
Request:
POST http://localhost:9000/openid-connect-clients/[node_id]/[module_id]/register-client-and-generate-secret
Note:
Example:
{
"moduleId": "smart_auth",
"nodeId": "Master",
"clientId": "some-client",
"clientName": "Some Client",
"accessTokenValiditySeconds": 3600,
"allowedGrantTypes": [
"AUTHORIZATION_CODE"
],
"canIntrospectAnyTokens": true,
"canIntrospectOwnTokens": true,
"canReissueTokens": true,
"fixedScope": true,
"registeredRedirectUris": [
"https://example.com/oauth/callback"
],
"scopes": [
"patient/*.read",
"patient/*.write"
],
"secretRequired": true
}
Response:
This operation returns a JSON document object of type OAuth2Client. This document contains the same definition that was supplied in the client request.
Note that client secrets are included in response objects.