HS.FHIRServer.Util.OAuth2Token
class HS.FHIRServer.Util.OAuth2Token extends HS.FHIRServer.API.OAuth2Token
Class for OAuth 2.0 access token handling. It implements the FHIR request-time handling and evaluation of tokens per the HL7 Smart App Launch Implementation Guide. An instance of this class is expected to be instantiated and set as a property on a FHIRServer Interactions instance. It is used for all interactions that are handled by the Interactions instance.
Method Inventory
- %OnNew()
- BaseURLGet()
- FSLogScopeMsg()
- GetContextValues()
- GetUserInfo()
- HasScope()
- OAuthClientGet()
- ScopesListGet()
- SetInstance()
- TokenObjectGet()
- TokenStringGet()
- UsernameGet()
- VerifyEverythingRequest()
- VerifyHistoryInstanceResponse()
- VerifyResourceContent()
- VerifyResourceIdRequest()
- VerifySearchRequest()
- VerifySearchResultsGet()
- VerifySystemLevelRequest()
- VerifyTypesList()
Parameters
- If an OperationOutcome resource is returned by a search, and there are no scopes with a wildcard resource type and no scopes that specify OperationOutcome, then the OperationOutcome is allowed.
- If an OperationOutcome resource is returned by a search, and scope user/OperationOutcome.cu is the only scope present for that resource type, then the OperationOutcome is disallowed.
Methods
If this method returns an error then the object will not be created.
It is passed the arguments provided in the %New call. When customizing this method, override the arguments with whatever variables and types you expect to receive from %New(). For example, if you're going to call %New, passing 2 arguments, %OnNew's signature could be:
Method %OnNew(dob as %Date = "", name as %Name = "") as %Status
If, instead of returning a %Status code, this returns an oref, and this oref is a subclass of the current class, then this oref will be the one returned to the caller of the %New method.
Return the current context values, if any, as a Multidimensional array.
Derive user information from the current OAuth 2.0 token, and return that data if desired.
@Input pBAUsername: Existing basic authentication username (e.g., $username value).
@Input pBARoles: Existing basic authentication user roles (e.g., $roles value).
@Output pUserInfo(): Array of user information. Standard return is pUserInfo("Username") and pUserInfo("Roles"). This method may be overridden to derive and return other user info via subscripts in the pUserInfo() array.
Return a Boolean indicating whether the current token resource scopes allow the specified interaction for the specified resource type, based on the specified required permissions.
@Input pScopeName SMART on FHIR scope name, such as "user", "patient", "system".
@Input pResourceType FHIR resource type.
@Input pRequiredPermission SMART on FHIR scope permission string. SMART on FHIR v1 format ("read", "write", "*") and v2 format ("cruds") are handled here.
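A model of the v1/v2 permission handling described for HasScope() and of the two OperationOutcome rules listed under Parameters, written as an added Python example and not taken from the HS.FHIRServer implementation. The v1-to-v2 letter mapping follows the SMART App Launch guide; combining letters across several matching scopes, granting nothing for v2 scopes that carry a `?query` suffix, and requiring `s` for search results are assumptions of this example, as are all function names.

```python
# Illustrative model of SMART on FHIR scope checks; not the HS.FHIRServer code.
V1_TO_V2 = {"read": "rs", "write": "cud", "*": "cruds"}  # SMART v1 -> v2 letters
CONTEXTS = ("user", "patient", "system")

def normalize_permission(perm):
    """Return the set of v2 letters for a v1 ("read") or v2 ("rs") permission."""
    perm = V1_TO_V2.get(perm, perm)
    if not perm or not set(perm) <= set("cruds"):
        raise ValueError(f"unrecognized permission: {perm!r}")
    return set(perm)

def parse_scope(scope):
    """Split "user/Observation.rs" into (context, type, letters), else None."""
    context, slash, rest = scope.partition("/")
    rtype, dot, perm = rest.partition(".")
    if not slash or not dot or not rtype or context not in CONTEXTS:
        return None  # openid, launch/patient, fhirUser, ... are not resource scopes
    try:
        # A v2 "?query" suffix makes perm unparseable here, so it grants nothing.
        return context, rtype, normalize_permission(perm)
    except ValueError:
        return None

def has_scope(scopes, context, resource_type, required):
    """True if scopes in this context together grant every required letter."""
    granted = set()
    for parsed in filter(None, map(parse_scope, scopes)):
        if parsed[0] == context and parsed[1] in (resource_type, "*"):
            granted |= parsed[2]
    return normalize_permission(required) <= granted

def operation_outcome_allowed(scopes, required="s"):
    """Model of the two OperationOutcome search-result rules under Parameters."""
    parsed = filter(None, map(parse_scope, scopes))
    if not any(p[1] in ("OperationOutcome", "*") for p in parsed):
        return True  # no wildcard or OperationOutcome scope at all: allowed
    return any(has_scope(scopes, c, "OperationOutcome", required) for c in CONTEXTS)

# Constructed sample: the scope claim of a hypothetical access token.
TOKEN_SCOPES = "openid launch/patient patient/Observation.rs user/Patient.read".split()

if __name__ == "__main__":
    print(has_scope(TOKEN_SCOPES, "patient", "Observation", "read"))  # v1 request, v2 grant
    print(has_scope(TOKEN_SCOPES, "user", "Patient", "write"))
    print(operation_outcome_allowed(TOKEN_SCOPES))
    print(operation_outcome_allowed(["user/OperationOutcome.cu"]))
```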
Set or reset the properties of the current token handler instance, based on the input parameters.
@Input pTokenString The access token string.
@Input pOAuthClient The OAuth 2.0 Client Name, as defined in the Management Portal at System Administration > Security > OAuth 2.0 > Client.
@Input pBaseURL The base URL, including scheme, host, port and path of the end point for the current FHIR interaction.
@Input pUsername (DEPRECATED) The Basic Auth username for the current FHIR interaction.
@Input pJWTObj Access token JSON object previously obtained using the token string. When provided as input, it must indicate the same token indicated by pTokenString.
@Input pLastIntrospectionTime When pJWTObj is provided as input, this is the time in NumericDate format stating the last time the token string had introspection done for it.
Verify that the access token allows the history-instance request based on the contents of the interaction response and required permission. If not allowed, this method will Throw. Otherwise, it will simply Return.
@Input pResourceType FHIR resource type.
@Input pResourceJson %DynamicObject representation of FHIR history Bundle resource.
@Input pRequiredPermission SMART on FHIR scope permission string. SMART on FHIR v1 format ("read", "write", "*") and v2 format ("cruds") are supported as inputs.
Verify that the access token allows the current interaction on the specified resource, based on the content and required permission. If not allowed, this method will Throw. Otherwise, it will simply Return.
@Input pResourceJson %DynamicObject representation of FHIR resource.
@Input pRequiredPermission SMART on FHIR scope permission string. SMART on FHIR v1 format ("read", "write", "*") and v2 format ("cruds") are supported as inputs.
@Input pAllowSharedResource Boolean indicating whether to approve access to shared resource type if it has scope permission (resource type + permission) but the scope is a normally context-relevant scope (e.g., patient scope).
Caution: This implementation of VerifyResourceIdRequest ignores the pResourceId input parameter. It verifies that the access token allows the current interaction request based on the resource type and required permission only. If not allowed, this method will Throw. Otherwise, it will simply Return. Note that despite returning from this call, the corresponding response to the interaction could still fail subsequent verification later in the processing of the current interaction.
Verify that the access token allows access to all resource types explicitly stated in the search request (pResourceType, pCompartmentResourceType, include and revinclude resource types). Resource types involved in chain and reverse chain (_has) are not subject to this check. Where there is some uncertainty remaining about the resource types that might be returned by the search request (e.g., include or revinclude wildcard resource types), ..%VerifySearchResults will be set to 1 to signal a need to check the search result set contents against the access token. If this method determines that the request is not allowed, this method will Throw.
@Input pResourceType FHIR resource type.
@Input pCompartmentResourceType FHIR resource type for a compartment-based search (e.g., "Patient" in "GET /Patient/123/Observation").
@Input pCompartmentResourceId FHIR resource id for compartment-based search (e.g., "123" in "GET /Patient/123/Observation").
@Input pParameters HS.FHIRServer.API.Data.QueryParameters object representing the search query parameters.
@Input pRequiredPermission SMART on FHIR scope permission string. SMART on FHIR v1 format ("read", "write", "*") and v2 format ("cruds") are supported as inputs.
Verify that the access token allows the system-level request. This is for system-history and system-search. Default functionality is to ignore patient context, and require user/*.read and/or user/*.*
If not allowed, this method will Throw. Otherwise, it will simply Return.
Verify that the access token scopes authorize the specified permission on ALL the resource types in the specified list.
@Input pResourceTypesList $ListBuild of FHIR resource types.
@Input pRequiredPermission SMART on FHIR scope permission string. SMART on FHIR v1 format ("read", "write", "*") and v2 format ("cruds") are supported as inputs.
Inherited Members
Inherited Properties
Inherited Methods
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %ValidateObject()
- VerifyDeleteRequest()