HS.FHIRServer.API.OAuth2Token

class HS.FHIRServer.API.OAuth2Token extends %Library.RegisteredObject

API class for OAuth 2.0 access token handling.

Property Inventory

BaseURL
OAuthClient
ScopesList
TokenObject
TokenString
Username
VerifySearchResults

Method Inventory

GetUserInfo()
SetInstance()
VerifyDeleteRequest()
VerifyHistoryInstanceResponse()
VerifyResourceContent()
VerifyResourceIdRequest()
VerifySearchRequest()
VerifySystemLevelRequest()

Properties

property BaseURL as %String (MAXLEN = 1024) [ Calculated ];

FHIR request BaseURL.

Property methods: BaseURLDisplayToLogical(), BaseURLIsValid(), BaseURLLogicalToDisplay(), BaseURLLogicalToOdbc(), BaseURLNormalize()

property OAuthClient as %String (MAXLEN = 256) [ Calculated ];

OAuth 2.0 Client name, as defined in System Administration > Security > OAuth 2.0 > Client.

Property methods: OAuthClientDisplayToLogical(), OAuthClientIsValid(), OAuthClientLogicalToDisplay(), OAuthClientLogicalToOdbc(), OAuthClientNormalize()

property ScopesList as %List [ Calculated ];

$List of access token JWT scopes.

Property methods: ScopesListLogicalToOdbc(), ScopesListOdbcToLogical()

property TokenObject as %Library.DynamicObject [ Calculated ];

The access token JWT object.

property TokenString as %String (MAXLEN = 8192) [ Calculated ];

The access token string.

Property methods: TokenStringDisplayToLogical(), TokenStringIsValid(), TokenStringLogicalToDisplay(), TokenStringLogicalToOdbc(), TokenStringNormalize()

property Username as %String (MAXLEN = 256) [ Calculated ];

FHIR request Basic Auth username.

Property methods: UsernameDisplayToLogical(), UsernameIsValid(), UsernameLogicalToDisplay(), UsernameLogicalToOdbc(), UsernameNormalize()

property VerifySearchResults as %Boolean [ Calculated ];

Flag to indicate that search results should be verified against the access token.

Property methods: VerifySearchResultsDisplayToLogical(), VerifySearchResultsIsValid(), VerifySearchResultsLogicalToDisplay(), VerifySearchResultsNormalize()

Methods

method GetUserInfo(pBAUsername As %String, pBARoles As %String, Output pUserInfo)

@API
Derive user information from the current OAuth 2.0 token, and return that data if desired.
Input:
- pBAUsername: Existing basic authentication username (e.g., $username value). - pBARoles : Existing basic authentication user roles (e.g., $roles value). Output:
- pUserInfo(): Array of user information, subscripted by item name (e.g. pUserInfo("Username") = "_SYSTEM").

abstract method SetInstance(pTokenString As %String = "", pOAuthClient As %String = "", pBaseURL As %String = "", pUsername As %String = "")

@API
Set or re-set the properties of the current token handler instance, based on the input parameters.
@Input pTokenString The access token string.
@Input pOAuthClient The OAuth 2.0 Client Name, as defined in the Management Portal at System Administration > Security > OAuth 2.0 > Client. @Input pBaseURL The base URL, including scheme, host, port and path of the end point for the current FHIR interaction. @Input pUserame The effective username for the current FHIR interaction.

abstract method VerifyDeleteRequest(pResourceType As %String, pResourceId As %String, pRequiredPrivilege As %String)

Verify that the access token allows the delete request based on the specified resource type and resource id. If not allowed, this method will Throw. Otherwise, it will simply Return.

abstract method VerifyHistoryInstanceResponse(pResourceType As %String, pResourceJson As %DynamicObject, pRequiredPrivilege As %String)

Verify that the access token allows the history-instance request based on the contents of the interaction response and required privilege. If not allowed, this method will Throw. Otherwise, it will simply Return.

abstract method VerifyResourceContent(pResourceJson As %DynamicObject, pRequiredPrivilege As %String, pAllowSharedResource As %Boolean = 0)

Verify that the access token allows the current interaction on the specified resource, based on the content and required privilege. If not allowed, this method will Throw. Otherwise, it will simply Return.

abstract method VerifyResourceIdRequest(pResourceType As %String, pResourceId As %String, pRequiredPrivilege As %String)

Verify that the access token allows the current interaction request based on the resource type, resource id and required privilege. If not allowed, this method will Throw. Otherwise, it will simply Return.

abstract method VerifySearchRequest(pResourceType As %String, pCompartmentResourceType As %String, pCompartmentResourceId As %String, pParameters As HS.FHIRServer.API.Data.QueryParameters, pRequiredPrivilege As %String)

Verify that the access token allows the search request based on some or all of resource type, resource id, compartment type, search parameters and required privilege. If not allowed, this method will Throw. Otherwise, it will simply Return.

abstract method VerifySystemLevelRequest()

Verify that the access token allows the system-level request. If not allowed, this method will Throw. Otherwise, it will simply Return.

Subclasses

HS.FHIRServer.Util.OAuth2Token