{
"description": null,
"_filename": "StructureDefinition-IdentityProvider.json",
"package_name": "io.health-samurai.core.r4",
"date": null,
"derivation": "specialization",
"publisher": null,
"fhirVersion": "4.0.1",
"name": "IdentityProvider",
"abstract": false,
"type": "IdentityProvider",
"experimental": null,
"resourceType": "StructureDefinition",
"title": null,
"package_version": "0.2601.0",
"status": "active",
"id": "2b3f62ab-7211-421e-b12e-25ceda220c3a",
"kind": "resource",
"url": "http://health-samurai.io/fhir/core/StructureDefinition/IdentityProvider",
"version": "0.2601.0",
"differential": {
"element": [ {
"id": "IdentityProvider",
"max": "*",
"min": 0,
"path": "IdentityProvider"
}, {
"id": "IdentityProvider.active",
"max": "1",
"min": 0,
"path": "IdentityProvider.active",
"type": [ {
"code": "boolean"
} ],
"short": "Indicates whether this identity provider is active and can be used for authentication."
}, {
"id": "IdentityProvider._source",
"max": "1",
"min": 0,
"path": "IdentityProvider._source",
"type": [ {
"code": "string"
} ],
"short": "System Property. DO NOT USE IT."
}, {
"id": "IdentityProvider.type",
"max": "1",
"min": 0,
"path": "IdentityProvider.type",
"type": [ {
"code": "string"
} ],
"short": "The type of identity provider.",
"constraint": [ {
"key": "enum-1325",
"human": "Type must be one of: aidbox, github, google, OIDC, OAuth, az-dev, yandex, okta, apple",
"severity": "error",
"expression": "%context.subsetOf('aidbox' | 'github' | 'google' | 'OIDC' | 'OAuth' | 'az-dev' | 'yandex' | 'okta' | 'apple')"
} ]
}, {
"id": "IdentityProvider.title",
"max": "1",
"min": 0,
"path": "IdentityProvider.title",
"type": [ {
"code": "string"
} ],
"short": "A human-readable name for the identity provider."
}, {
"id": "IdentityProvider.scopes",
"max": "*",
"min": 0,
"path": "IdentityProvider.scopes",
"type": [ {
"code": "string"
} ],
"short": "OAuth scopes that should be requested during authentication."
}, {
"id": "IdentityProvider.base_url",
"max": "1",
"min": 0,
"path": "IdentityProvider.base_url",
"type": [ {
"code": "uri"
} ],
"short": "Base URL for the identity provider."
}, {
"id": "IdentityProvider.authorize_endpoint",
"max": "1",
"min": 0,
"path": "IdentityProvider.authorize_endpoint",
"type": [ {
"code": "string"
} ],
"short": "The URL of the authorization endpoint."
}, {
"id": "IdentityProvider.token_endpoint",
"max": "1",
"min": 0,
"path": "IdentityProvider.token_endpoint",
"type": [ {
"code": "string"
} ],
"short": "The URL of the token endpoint."
}, {
"id": "IdentityProvider.team_id",
"max": "1",
"min": 0,
"path": "IdentityProvider.team_id",
"type": [ {
"code": "string"
} ],
"short": "Team ID (for Apple)."
}, {
"id": "IdentityProvider.kid",
"max": "1",
"min": 0,
"path": "IdentityProvider.kid",
"type": [ {
"code": "string"
} ],
"short": "Key identifier used for token verification."
}, {
"id": "IdentityProvider.system",
"max": "1",
"min": 0,
"path": "IdentityProvider.system",
"type": [ {
"code": "string"
} ],
"short": "System identifier for the identity provider."
}, {
"id": "IdentityProvider.toScim",
"max": "1",
"min": 0,
"path": "IdentityProvider.toScim",
"short": "Mapping rules for transforming identity provider data.",
"extension": [ {
"url": "http://health-samurai.io/fhir/core/StructureDefinition/additional-properties-custom-type",
"valueCode": "any"
} ]
}, {
"id": "IdentityProvider.isScim",
"max": "1",
"min": 0,
"path": "IdentityProvider.isScim",
"type": [ {
"code": "boolean"
} ],
"short": "Indicates whether this provider supports the SCIM protocol."
}, {
"id": "IdentityProvider.isEmailUniqueness",
"max": "1",
"min": 0,
"path": "IdentityProvider.isEmailUniqueness",
"type": [ {
"code": "boolean"
} ],
"short": "Indicates whether email uniqueness should be enforced for this provider."
}, {
"id": "IdentityProvider.userinfo_endpoint",
"max": "1",
"min": 0,
"path": "IdentityProvider.userinfo_endpoint",
"type": [ {
"code": "string"
} ],
"short": "The URL of the userinfo endpoint."
}, {
"id": "IdentityProvider.userinfo_header",
"max": "1",
"min": 0,
"path": "IdentityProvider.userinfo_header",
"type": [ {
"code": "string"
} ],
"short": "Header to be used when calling the userinfo endpoint."
}, {
"id": "IdentityProvider.registration_endpoint",
"max": "1",
"min": 0,
"path": "IdentityProvider.registration_endpoint",
"type": [ {
"code": "string"
} ],
"short": "The URL of the registration endpoint."
}, {
"id": "IdentityProvider.revocation_endpoint",
"max": "1",
"min": 0,
"path": "IdentityProvider.revocation_endpoint",
"type": [ {
"code": "string"
} ],
"short": "The URL of the token revocation endpoint."
}, {
"id": "IdentityProvider.introspection_endpoint",
"max": "1",
"min": 0,
"path": "IdentityProvider.introspection_endpoint",
"type": [ {
"code": "string"
} ],
"short": "The URL of the token introspection endpoint."
}, {
"id": "IdentityProvider.jwks_uri",
"max": "1",
"min": 0,
"path": "IdentityProvider.jwks_uri",
"type": [ {
"code": "string"
} ],
"short": "URI where the provider's JSON Web Key Set can be retrieved."
}, {
"id": "IdentityProvider.organizations",
"max": "*",
"min": 0,
"path": "IdentityProvider.organizations",
"type": [ {
"code": "string"
} ],
"short": "Organizations associated with this identity provider."
}, {
"id": "IdentityProvider.userinfo-source",
"max": "1",
"min": 0,
"path": "IdentityProvider.userinfo-source",
"type": [ {
"code": "string"
} ],
"short": "Source of userinfo details.",
"constraint": [ {
"key": "enum-1326",
"human": "Source must be one of: id-token, userinfo-endpoint",
"severity": "error",
"expression": "%context.subsetOf('id-token' | 'userinfo-endpoint')"
} ]
}, {
"id": "IdentityProvider.client",
"max": "1",
"min": 0,
"path": "IdentityProvider.client",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Client configuration for this identity provider."
}, {
"id": "IdentityProvider.client.id",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.id",
"type": [ {
"code": "string"
} ],
"short": "Client identifier used for authentication with the identity provider."
}, {
"id": "IdentityProvider.client.redirect_uri",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.redirect_uri",
"type": [ {
"code": "uri"
} ],
"short": "URI to which the provider redirects the user after authentication."
}, {
"id": "IdentityProvider.client.auth-method",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.auth-method",
"type": [ {
"code": "string"
} ],
"short": "Client authentication method.",
"constraint": [ {
"key": "enum-auth-method",
"human": "Auth method must be one of: symmetric, asymmetric",
"severity": "error",
"expression": "%context.subsetOf('symmetric' | 'asymmetric')"
} ]
}, {
"id": "IdentityProvider.client.secret",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.secret",
"type": [ {
"code": "string"
} ],
"short": "Client secret for symmetric authentication. Sensitive credential."
}, {
"id": "IdentityProvider.client.private-key",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.private-key",
"type": [ {
"code": "string"
} ],
"short": "Private key for asymmetric authentication. Sensitive credential."
}, {
"id": "IdentityProvider.client.certificate",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.certificate",
"type": [ {
"code": "string"
} ],
"short": "Client certificate for authentication."
}, {
"id": "IdentityProvider.client.certificate-thumbprint",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.certificate-thumbprint",
"type": [ {
"code": "string"
} ],
"short": "Certificate thumbprint."
}, {
"id": "IdentityProvider.client.creds-ts",
"max": "1",
"min": 0,
"path": "IdentityProvider.client.creds-ts",
"type": [ {
"code": "string"
} ],
"short": "Credentials timestamp."
} ]
},
"baseDefinition": "http://hl7.org/fhir/StructureDefinition/DomainResource"
}