HS.BulkFHIR.Util.Security
class HS.BulkFHIR.Util.Security
Parameters
parameter DOMAIN = HSBFCMsg;
Methods
classmethod AutoCreateOAuthClient(pClientName As %String, pIssuerUrl As %String, pGrantTypes As %List = "", pAuthMethod As %String = "", pDescription As %String = "", Output pCreatedClient) as %Status
@API
Creates and dynamically registers an OAuth client specifically for BFC use, given:
@Input pClientName - must be unique
@Input pIssuerUrl - must be a discoverable OAuth server issuer endpoint that supports Dynamic Client Registration (DCR)
@Input pGrantTypes, Optional - %List of grant types to support, defaults to client_credentials
@Input pAuthMethod, Optional - sets the token_endpoint_auth_method of the client
options include client_secret_post, client_secret_basic, client_secret_jwt, private_key_jwt, and none
defaults to client_secret_post
@Output pCreatedClient - the created OAuth2.Client
classmethod CheckResource(pResourceName As %String, pResourceAccess As %String, pLog As %Boolean = 1)
@API
Checks whether the current user has access to a specific resource and throws an error if not
@Input pResourceName resource name
@Input pResourceAccess resource access (R,W,U)
@Input pLog whether to log the failure (HS.BulkFHIR.Service:Operation calls CheckResource to see if it needs to look for authorized users)
classmethod ResourceCheck(pBaseResourceAccess As %List = "", pSession As HS.BulkFHIR.Session = "", pNonOwnerResourceAccess As %List = "")
@API
@Input pBaseResourceAccess $lb(resource,access)
@Input pSession Session object [optional]
@Input pNonOwnerResourceAccess $lb(resource,access) which will only be validated if a session object is provided