HS.BulkFHIR.Auth.OAuth.Adapter

class HS.BulkFHIR.Auth.OAuth.Adapter extends HS.BulkFHIR.API.AuthAdapter

This OAuth adapter points to and uses an existing OAuth server for the validation of access tokens that come into the BFC endpoint. The OAuth server:
- May be an ISC or non-ISC OAuth server.
- May be located anywhere that is accessible over HTTP.
- Must be able to handle the requirements of the SMART Backend Authorization Service profile (http://www.hl7.org/fhir/smart-app-launch/backend-services.html).

Parameters

parameter IsOAuth = 1;
Inherited description: Whether the adapter uses OAuth access tokens. Used in conjunction with the storage adapter to set the requireAccessToken setting in a status request.
parameter configClass = HS.BulkFHIR.Auth.OAuth.Config;

Methods

classmethod Authenticate(pBFCconfig As HS.BulkFHIR.API.Data.Config, pUrl As %String, ByRef pContinue As %Boolean) as %Status
Inherited description: @API.Overridable
Authentication method to be called from the BFC Rest Handler OnPreDispatch. Ensures that the request is authenticated. If authentication fails then this method must set pContinue=0 before returning. This method will be invoked on any HTTP request to the BFC Rest Handler, whether it is a kickoff request, search, or request for status. The CSP %request and %response objects are available to this method.
@Input pUrl Portion of the request URL that follows the base URL.
@Output pContinue Flag indicating whether to continue with DispatchClass processing.
@Returns %Status.
classmethod AuthorizeFHIRRequest(request As HS.FHIRServer.API.Data.Request, pBFCconfig As HS.BulkFHIR.API.Data.Config)
Use the access token information to authorize the current interaction. The metadata request does NOT come through this method; such authorization is not needed for metadata.
classmethod GetAccessTokenInfo(pBFCconfig As HS.BulkFHIR.API.Data.Config, pTokenString As %String) as %DynamicObject
Override of API method.
Return a %DynamicObject of selected access token fields.
@Returns a %DynamicObject representing information about the access token.
classmethod GetAccessTokenJson(pBFCconfig As HS.BulkFHIR.API.Data.Config, pTokenString As %String) as %DynamicObject
@API.Overridable
Return a %DynamicObject representing the full access token information.
@Input pBFCconfig Full BFC configuration object in effect for the current BFC session.
@Input pTokenString Encoded string representation of an access token provided on the current request to the BFC.
@Returns a %DynamicObject representing the full access token information.
classmethod GetIntrospection(pOAuthClient As %String, pTokenString As %String, Output pJWTObj) as %Status
@API.Overridable
This method presents the token string to the introspection endpoint for the server that granted this token.

The server returns a JSON object with information about the token. RFC 7662 "OAuth 2.0 Token Introspection" Section 2.2 (https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) describes the expected contents of the returned JSON object. RFC 7662 lists "scope" as OPTIONAL. However, for FHIRServer processing, it is REQUIRED.

This method checks the JSON object to verify that the token is active (well-formed and not expired), and returns it as ByRef variable pJWTObj.

By the time this method returns, pJWTObj MUST hold the token scopes in the 'scope' property, as a space-delimited string. If the tokens being handled by this class are expected to hold scopes in an alternate property and/or in an alternate format, you may need to override this method to ensure that the scopes are moved and/or reformatted into the 'scope' property. The default implementation of this method handles only one common alternate scenario, where the token object scopes are found in property 'scp', either as a JSON array or a space-delimited string. Other alternate scenarios must be handled via override of this method.

If the server that granted the token does not host an introspection endpoint, then you must override this method to derive/obtain a JSON object that holds information about the access token, with the required properties described above.

@Input pOAuthClient OAuth 2.0 client name as defined in ISC OAuth 2.0 Client definitions.
@Input pTokenString OAuth 2.0 access token string.
@Output pJWTObj JSON object that holds information about the token.
@Return %Status return value.
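
An override of the kind described above, as an added example that is not part of the product's own code. The class name Demo.BulkFHIR.OAuthAdapter and the "permissions" property are hypothetical, and the example assumes that the default implementation returns the parsed introspection response without error when it finds neither 'scope' nor 'scp'.

```objectscript
/// Added example (hypothetical class name), not part of the product.
Class Demo.BulkFHIR.OAuthAdapter Extends HS.BulkFHIR.Auth.OAuth.Adapter
{

/// Assumption: the authorization server returns scopes as a JSON array in a
/// "permissions" property instead of "scope" or "scp".
ClassMethod GetIntrospection(pOAuthClient As %String, pTokenString As %String, Output pJWTObj) As %Status
{
    // The default implementation calls the introspection endpoint and
    // handles the 'scope' and 'scp' cases.
    Set tSC = ##super(pOAuthClient, pTokenString, .pJWTObj)
    If $$$ISERR(tSC) Return tSC
    If '$IsObject($Get(pJWTObj)) {
        Return $$$ERROR($$$GeneralError, "No introspection response")
    }

    // Fail closed: only a JSON boolean true counts as an active token.
    If (pJWTObj.%GetTypeOf("active") '= "boolean") || (pJWTObj.%Get("active") '= 1) {
        Return $$$ERROR($$$GeneralError, "Token is not active")
    }

    // Move the alternate property into 'scope' only when 'scope' is absent,
    // so a value the server did send is never overwritten.
    If (pJWTObj.%GetTypeOf("scope") = "unassigned") && (pJWTObj.%GetTypeOf("permissions") = "array") {
        Set tArray = pJWTObj.%Get("permissions")
        Set tScopes = ""
        Set tIter = tArray.%GetIterator()
        While tIter.%GetNext(.tKey, .tValue) {
            // Keep only non-empty strings without embedded spaces; an entry
            // containing a space would be read as two scopes downstream.
            If tArray.%GetTypeOf(tKey) '= "string" Continue
            If (tValue = "") || (tValue [ " ") Continue
            Set tScopes = tScopes _ $Select(tScopes = "": "", 1: " ") _ tValue
        }
        Do pJWTObj.%Set("scope", tScopes)
    }

    // FHIRServer processing requires a non-empty, space-delimited string.
    If (pJWTObj.%GetTypeOf("scope") '= "string") || (pJWTObj.%Get("scope") = "") {
        Return $$$ERROR($$$GeneralError, "Token carries no usable scope")
    }
    Return $$$OK
}

}
```
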
classmethod Initialize(pBFCconfig As HS.BulkFHIR.API.Data.Config)
Inherited description: @API.Overridable
Called when the BFC is first configured and again if that configuration is changed. This method may be used to do any implementation-specific setup.
classmethod WellKnownConfiguration(pBFCconfig As HS.BulkFHIR.API.Data.Config) as %DynamicObject
Override of API method.
@Returns a %DynamicObject representing the .well-known/smart-configuration for the BFC OAuth server.
