Skip to main content

HS.FHIRServer.API.OAuth2Token

class HS.FHIRServer.API.OAuth2Token extends %Library.RegisteredObject

API class for OAuth 2.0 access token handling.

Property Inventory

Method Inventory

Properties

property BaseURL as %String (MAXLEN = 1024) [ Calculated ];
FHIR request BaseURL.
Property methods: BaseURLDisplayToLogical(), BaseURLIsValid(), BaseURLLogicalToDisplay(), BaseURLLogicalToOdbc(), BaseURLNormalize()
property OAuthClient as %String (MAXLEN = 256) [ Calculated ];
OAuth 2.0 Client name, as defined in System Administration > Security > OAuth 2.0 > Client.
Property methods: OAuthClientDisplayToLogical(), OAuthClientIsValid(), OAuthClientLogicalToDisplay(), OAuthClientLogicalToOdbc(), OAuthClientNormalize()
property ScopesList as %List [ Calculated ];
$List of access token JWT scopes.
Property methods: ScopesListLogicalToOdbc(), ScopesListOdbcToLogical()
property TokenObject as %Library.DynamicObject [ Calculated ];
The access token JWT object.
property TokenString as %String (MAXLEN = 8192) [ Calculated ];
The access token string.
Property methods: TokenStringDisplayToLogical(), TokenStringIsValid(), TokenStringLogicalToDisplay(), TokenStringLogicalToOdbc(), TokenStringNormalize()
property Username as %String (MAXLEN = 256) [ Calculated ];
FHIR request Basic Auth username.
Property methods: UsernameDisplayToLogical(), UsernameIsValid(), UsernameLogicalToDisplay(), UsernameLogicalToOdbc(), UsernameNormalize()
property VerifySearchResults as %Boolean [ Calculated ];
Flag to indicate that search results should be verified against the access token.
Property methods: VerifySearchResultsDisplayToLogical(), VerifySearchResultsIsValid(), VerifySearchResultsLogicalToDisplay(), VerifySearchResultsNormalize()

Methods

abstract method GetContextValues(ByRef pContextValues)
@API.Overrideable
Return the current context values, if any.
abstract method GetUserInfo(pBAUsername As %String, pBARoles As %String, Output pUserInfo)
@API.Overrideable
Derive user information from the current OAuth 2.0 token, and return that data if desired.
@Input pBAUsername: Existing basic authentication username (e.g., $username value).
@Input pBARoles : Existing basic authentication user roles (e.g., $roles value).
@Output pUserInfo(): Array of user information, subscripted by item name (e.g. pUserInfo("Username") = "_SYSTEM").
abstract method HasScope(pScopeName As %String, pResourceType As %String, pRequiredPermission As %String) as %Boolean
@API.Overrideable
Return a Boolean indicating whether the current token resource scopes allow the specified interaction for the specified resource type, based on the specified required permissions. Token scopes information is expected to be held in a class property defined in this API class or in an implementation-specific class property.
@Input pScopeName SMART on FHIR scope name, such as "user", "patient", "system".
@Input pResourceType FHIR resource type.
@Input pRequiredPermission SMART on FHIR scope permission string. Whether to support SMART on FHIR v1 format ("read", "write", "*") and/or v2 format ("cruds") is an implementation choice.
abstract method SetInstance(pTokenString As %String = "", pOAuthClient As %String = "", pBaseURL As %String = "", pUsername As %String = "")
@API
Set or re-set the properties of the current token handler instance, based on the input parameters.
@Input pTokenString The access token string.
@Input pOAuthClient The OAuth 2.0 Client Name, as defined in the Management Portal at System Administration > Security > OAuth 2.0 > Client. @Input pBaseURL The base URL, including scheme, host, port and path of the end point for the current FHIR interaction. @Input pUserame The effective username for the current FHIR interaction.
abstract method VerifyDeleteRequest(pResourceType As %String, pResourceId As %String, pRequiredPermission As %String)
Verify that the access token allows the delete request based on the specified resource type and resource id. If not allowed, this method will Throw. Otherwise, it will simply Return.
abstract method VerifyHistoryInstanceResponse(pResourceType As %String, pResourceJson As %DynamicObject, pRequiredPermission As %String)
@API.Overrideable
Verify that the access token allows the history-instance request based on the contents of the interaction response and required permission. If not allowed, this method will Throw. Otherwise, it will simply Return. Token scopes information is expected to be held in a class property defined in this API class or in an implementation-specific class property.
@Input pResourceType FHIR resource type.
@Input pResourceJson %DynamicObject representation of FHIR history Bundle resource.
@Input pRequiredPermission SMART on FHIR scope permission string. Whether to support SMART on FHIR v1 format ("read", "write", "*") and/or v2 format ("cruds") is an implementation choice.
abstract method VerifyResourceContent(pResourceJson As %DynamicObject, pRequiredPermission As %String, pAllowSharedResource As %Boolean = 0)
@API.Overrideable
Verify that the access token allows the current interaction on the specified resource, based on the content and required permission. If not allowed, this method will Throw. Otherwise, it will simply Return. Token scopes information is expected to be held in a class property defined in this API class or in an implementation-specific class property.
@Input pResourceJson %DynamicObject representation of FHIR resource.
@Input pRequiredPermission SMART on FHIR scope permission string. Whether to support SMART on FHIR v1 format ("read", "write", "*") and/or v2 format ("cruds") is an implementation choice.
@Input pAllowSharedResource Boolean indicating whether to approve access to shared resource type if it has scope permission (resource type + permission) but the scope is a normally context- relevant scope (e.g., patient scope).
abstract method VerifyResourceIdRequest(pResourceType As %String, pResourceId As %String, pRequiredPermission As %String)
@API.Overrideable
Verify that the access token allows the current interaction request based on the resource type, resource id and required permission. If not allowed, this method will Throw. Otherwise, it will simply Return. Token scopes information is expected to be held in a class property defined in this API class or in an implementation-specific class property.
abstract method VerifySearchRequest(pResourceType As %String, pCompartmentResourceType As %String, pCompartmentResourceId As %String, pParameters As HS.FHIRServer.API.Data.QueryParameters, pRequiredPermission As %String)
@API.Overrideable
Verify that the access token allows the search request based on some or all of resource type, resource id, compartment type, search parameters and required permission. If not allowed, this method will Throw. Otherwise, it will simply Return. Token scopes information is expected to be held in a class property defined in this API class or in an implementation-specific class property.
@Input pResourceType FHIR resource type.
@Input pCompartmentResourceType FHIR resource type for a compartment-based search (e.g., "Patient" in "GET /Patient/123/Observation").
@Input pCompartmentResourceId FHIR resource id for compartment-based search (e.g., "123" in "GET /Patient/123/Observation").
@Input pParameters HS.FHIRServer.API.Data.QueryParameters object representing the search query parameters.
@Input pRequiredPermission SMART on FHIR scope permission string. Whether to support SMART on FHIR v1 format ("read", "write", "*") and/or v2 format ("cruds") is an implementation choice.
abstract method VerifySystemLevelRequest()
@API.Overrideable
Verify that the access token allows the system-level request. If not allowed, this method will Throw. Otherwise, it will simply Return.
abstract method VerifyTypesList(pResourceTypesList As %List, pRequiredPermission As %String)
@API.Overrideable
Verify that the access token scopes authorize the specified permission on ALL the resource types in the specified list. @Input pResourceTypesList $ListBuild of FHIR resource types.
@Input pRequiredPermission SMART on FHIR scope permission string. Whether to support SMART on FHIR v1 format ("read", "write", "*") and/or v2 format ("cruds") is an implementation choice.

Inherited Members

Inherited Methods

Subclasses

FeedbackOpens in a new tab