{
"description": null,
"_filename": "StructureDefinition-Client.json",
"package_name": "io.health-samurai.core.r4",
"date": null,
"derivation": "specialization",
"publisher": null,
"fhirVersion": "4.0.1",
"name": "Client",
"abstract": false,
"type": "Client",
"experimental": null,
"resourceType": "StructureDefinition",
"title": null,
"package_version": "0.2601.0",
"status": "active",
"id": "4aef2eae-5a59-4ad0-9cb8-517a6549a64c",
"kind": "resource",
"url": "http://health-samurai.io/fhir/core/StructureDefinition/Client",
"version": "0.2601.0",
"differential": {
"element": [ {
"id": "Client",
"max": "*",
"min": 0,
"path": "Client"
}, {
"id": "Client.active",
"max": "1",
"min": 0,
"path": "Client.active",
"type": [ {
"code": "boolean"
} ],
"short": "Indicates whether this client is active and can be used for authentication."
}, {
"id": "Client._source",
"max": "1",
"min": 0,
"path": "Client._source",
"type": [ {
"code": "string"
} ],
"short": "System Property. DO NOT USE IT."
}, {
"id": "Client.description",
"max": "1",
"min": 0,
"path": "Client.description",
"type": [ {
"code": "string"
} ],
"short": "A description of the client application for administrative purposes."
}, {
"id": "Client.secret",
"max": "1",
"min": 0,
"path": "Client.secret",
"short": "Hashed client secret for authentication.",
"extension": [ {
"url": "http://health-samurai.io/fhir/core/StructureDefinition/custom-type",
"valueCode": "sha256Hash"
} ]
}, {
"id": "Client.first_party",
"max": "1",
"min": 0,
"path": "Client.first_party",
"type": [ {
"code": "boolean"
} ],
"short": "Indicates whether this is a first-party client."
}, {
"id": "Client.trusted",
"max": "1",
"min": 0,
"path": "Client.trusted",
"type": [ {
"code": "boolean"
} ],
"short": "Indicates whether this client is trusted and given special privileges."
}, {
"id": "Client.scope",
"max": "*",
"min": 0,
"path": "Client.scope",
"type": [ {
"code": "string"
} ],
"short": "List of scopes this client is authorized to request."
}, {
"id": "Client.type",
"max": "1",
"min": 0,
"path": "Client.type",
"type": [ {
"code": "string"
} ],
"short": "The type of client application."
}, {
"id": "Client.details",
"max": "1",
"min": 0,
"path": "Client.details",
"short": "Additional client details or configuration options.",
"extension": [ {
"url": "http://health-samurai.io/fhir/core/StructureDefinition/additional-properties-custom-type",
"valueCode": "any"
} ]
}, {
"id": "Client.name",
"max": "1",
"min": 0,
"path": "Client.name",
"type": [ {
"code": "string"
} ],
"short": "Human-readable name of the client application."
}, {
"id": "Client.smart",
"max": "1",
"min": 0,
"path": "Client.smart",
"type": [ {
"code": "BackboneElement"
} ],
"short": "SMART on FHIR configuration for this client."
}, {
"id": "Client.smart.launch_uri",
"max": "1",
"min": 0,
"path": "Client.smart.launch_uri",
"type": [ {
"code": "string"
} ],
"short": "URI to launch the SMART app."
}, {
"id": "Client.smart.name",
"max": "1",
"min": 0,
"path": "Client.smart.name",
"type": [ {
"code": "string"
} ],
"short": "Name of the SMART app."
}, {
"id": "Client.smart.description",
"max": "1",
"min": 0,
"path": "Client.smart.description",
"type": [ {
"code": "string"
} ],
"short": "Description of the SMART app."
}, {
"id": "Client.fhir-base-url",
"max": "1",
"min": 0,
"path": "Client.fhir-base-url",
"type": [ {
"code": "string"
} ],
"short": "Base URL of the FHIR server this client interacts with."
}, {
"id": "Client.allowed-scopes",
"max": "*",
"min": 0,
"path": "Client.allowed-scopes",
"type": [ {
"code": "Reference",
"targetProfile": [ "http://health-samurai.io/fhir/core/StructureDefinition/Scope" ]
} ],
"short": "References to specific Scope resources this client is allowed to request."
}, {
"id": "Client.allowedIssuers",
"max": "*",
"min": 0,
"path": "Client.allowedIssuers",
"type": [ {
"code": "string"
} ],
"short": "List of authorized token issuers for this client."
}, {
"id": "Client.grant_types",
"max": "*",
"min": 0,
"path": "Client.grant_types",
"type": [ {
"code": "string"
} ],
"short": "OAuth 2.0 grant types this client is authorized to use.",
"constraint": [ {
"key": "enum-1152",
"human": "Grant type must be one of: basic, authorization_code, code, password, client_credentials, implicit, refresh_token, urn:ietf:params:oauth:grant-type:token-exchange",
"severity": "error",
"expression": "%context.subsetOf('basic' | 'authorization_code' | 'code' | 'password' | 'client_credentials' | 'implicit' | 'refresh_token' | 'urn:ietf:params:oauth:grant-type:token-exchange')"
} ]
}, {
"id": "Client.allowed_origins",
"max": "*",
"min": 0,
"path": "Client.allowed_origins",
"type": [ {
"code": "uri"
} ],
"short": "Origins (URLs) that are allowed to make requests."
}, {
"id": "Client.scopes",
"max": "*",
"min": 0,
"path": "Client.scopes",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Detailed scope configurations with associated policies."
}, {
"id": "Client.scopes.policy",
"max": "1",
"min": 0,
"path": "Client.scopes.policy",
"type": [ {
"code": "Reference",
"targetProfile": [ "http://health-samurai.io/fhir/core/StructureDefinition/AccessPolicy" ]
} ],
"short": "Reference to an AccessPolicy resource for this scope."
}, {
"id": "Client.scopes.parameters",
"max": "1",
"min": 0,
"path": "Client.scopes.parameters",
"short": "Parameters to be applied with the scope's policy.",
"extension": [ {
"url": "http://health-samurai.io/fhir/core/StructureDefinition/additional-properties-custom-type",
"valueCode": "any"
} ]
}, {
"id": "Client.jwks",
"max": "*",
"min": 0,
"path": "Client.jwks",
"type": [ {
"code": "BackboneElement"
} ],
"short": "JSON Web Key Set for client authentication and/or verification."
}, {
"id": "Client.jwks.kid",
"max": "1",
"min": 0,
"path": "Client.jwks.kid",
"type": [ {
"code": "string"
} ],
"short": "Key ID that identifies this key."
}, {
"id": "Client.jwks.kty",
"max": "1",
"min": 0,
"path": "Client.jwks.kty",
"type": [ {
"code": "string"
} ],
"short": "Key type.",
"constraint": [ {
"key": "enum-1150",
"human": "Key type must be RSA",
"severity": "error",
"expression": "%context.subsetOf('RSA')"
} ]
}, {
"id": "Client.jwks.alg",
"max": "1",
"min": 0,
"path": "Client.jwks.alg",
"type": [ {
"code": "string"
} ],
"short": "Algorithm used with this key.",
"constraint": [ {
"key": "enum-1151",
"human": "Algorithm must be RS384",
"severity": "error",
"expression": "%context.subsetOf('RS384')"
} ]
}, {
"id": "Client.jwks.e",
"max": "1",
"min": 0,
"path": "Client.jwks.e",
"type": [ {
"code": "string"
} ],
"short": "Exponent value for RSA key."
}, {
"id": "Client.jwks.n",
"max": "1",
"min": 0,
"path": "Client.jwks.n",
"type": [ {
"code": "string"
} ],
"short": "Modulus value for RSA key."
}, {
"id": "Client.jwks.use",
"max": "1",
"min": 0,
"path": "Client.jwks.use",
"type": [ {
"code": "string"
} ],
"short": "Key usage.",
"constraint": [ {
"key": "enum-1149",
"human": "Use must be sig",
"severity": "error",
"expression": "%context.subsetOf('sig')"
} ]
}, {
"id": "Client.jwks_uri",
"max": "1",
"min": 0,
"path": "Client.jwks_uri",
"type": [ {
"code": "url"
} ],
"short": "URI where the client's JSON Web Key Set can be retrieved."
}, {
"id": "Client.auth",
"max": "1",
"min": 0,
"path": "Client.auth",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Authentication configuration for different OAuth flows."
}, {
"id": "Client.auth.client_credentials",
"max": "1",
"min": 0,
"path": "Client.auth.client_credentials",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Configuration for the client credentials grant type."
}, {
"id": "Client.auth.client_credentials.token_format",
"max": "1",
"min": 0,
"path": "Client.auth.client_credentials.token_format",
"type": [ {
"code": "string"
} ],
"short": "Format of the access token.",
"constraint": [ {
"key": "enum-client_credentials_token_format",
"human": "Token format must be jwt",
"severity": "error",
"expression": "%context.subsetOf('jwt')"
} ]
}, {
"id": "Client.auth.client_credentials.access_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.client_credentials.access_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for access tokens in seconds."
}, {
"id": "Client.auth.client_credentials.refresh_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.client_credentials.refresh_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for refresh tokens in seconds."
}, {
"id": "Client.auth.client_credentials.audience",
"max": "*",
"min": 0,
"path": "Client.auth.client_credentials.audience",
"type": [ {
"code": "string"
} ],
"short": "Intended audience for issued tokens."
}, {
"id": "Client.auth.client_credentials.refresh_token",
"max": "1",
"min": 0,
"path": "Client.auth.client_credentials.refresh_token",
"type": [ {
"code": "boolean"
} ],
"short": "Whether to issue refresh tokens with this grant type."
}, {
"id": "Client.auth.client_credentials.client_assertion_types",
"max": "*",
"min": 0,
"path": "Client.auth.client_credentials.client_assertion_types",
"type": [ {
"code": "string"
} ],
"short": "Supported client assertion types.",
"constraint": [ {
"key": "enum-1153",
"human": "Client assertion type must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"severity": "error",
"expression": "%context.subsetOf('urn:ietf:params:oauth:client-assertion-type:jwt-bearer')"
} ]
}, {
"id": "Client.auth.authorization_code",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Configuration for the authorization code grant type."
}, {
"id": "Client.auth.authorization_code.token_format",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.token_format",
"type": [ {
"code": "string"
} ],
"short": "Format of the access token.",
"constraint": [ {
"key": "enum-1556",
"human": "Token format must be jwt",
"severity": "error",
"expression": "%context.subsetOf('jwt')"
} ]
}, {
"id": "Client.auth.authorization_code.audience",
"max": "*",
"min": 0,
"path": "Client.auth.authorization_code.audience",
"type": [ {
"code": "string"
} ],
"short": "Intended audience for issued tokens."
}, {
"id": "Client.auth.authorization_code.secret_required",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.secret_required",
"type": [ {
"code": "boolean"
} ],
"short": "Whether client secret is required for token exchange."
}, {
"id": "Client.auth.authorization_code.pkce",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.pkce",
"type": [ {
"code": "boolean"
} ],
"short": "Whether PKCE (Proof Key for Code Exchange) is required."
}, {
"id": "Client.auth.authorization_code.redirect_uri",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.redirect_uri",
"type": [ {
"code": "url"
} ],
"short": "Redirect URI for the authorization code flow."
}, {
"id": "Client.auth.authorization_code.access_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.access_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for access tokens in seconds."
}, {
"id": "Client.auth.authorization_code.refresh_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.refresh_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for refresh tokens in seconds."
}, {
"id": "Client.auth.authorization_code.refresh_token",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.refresh_token",
"type": [ {
"code": "boolean"
} ],
"short": "Whether to issue refresh tokens with this grant type."
}, {
"id": "Client.auth.authorization_code.client_assertion_types",
"max": "*",
"min": 0,
"path": "Client.auth.authorization_code.client_assertion_types",
"type": [ {
"code": "string"
} ],
"short": "Supported client assertion types.",
"constraint": [ {
"key": "enum-1153",
"human": "Client assertion type must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"severity": "error",
"expression": "%context.subsetOf('urn:ietf:params:oauth:client-assertion-type:jwt-bearer')"
} ]
}, {
"id": "Client.auth.authorization_code.default_identity_provider",
"max": "1",
"min": 0,
"path": "Client.auth.authorization_code.default_identity_provider",
"type": [ {
"code": "Reference",
"targetProfile": [ "http://health-samurai.io/fhir/core/StructureDefinition/IdentityProvider" ]
} ],
"short": "Default IdentityProvider that will be used instead of Aidbox login."
}, {
"id": "Client.auth.password",
"max": "1",
"min": 0,
"path": "Client.auth.password",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Configuration for the password grant type."
}, {
"id": "Client.auth.password.secret_required",
"max": "1",
"min": 0,
"path": "Client.auth.password.secret_required",
"type": [ {
"code": "boolean"
} ],
"short": "Whether client secret is required for password grant."
}, {
"id": "Client.auth.password.audience",
"max": "*",
"min": 0,
"path": "Client.auth.password.audience",
"type": [ {
"code": "string"
} ],
"short": "Intended audience for issued tokens."
}, {
"id": "Client.auth.password.refresh_token",
"max": "1",
"min": 0,
"path": "Client.auth.password.refresh_token",
"type": [ {
"code": "boolean"
} ],
"short": "Whether to issue refresh tokens with this grant type."
}, {
"id": "Client.auth.password.redirect_uri",
"max": "1",
"min": 0,
"path": "Client.auth.password.redirect_uri",
"type": [ {
"code": "url"
} ],
"short": "If present, turns on redirect protection."
}, {
"id": "Client.auth.password.token_format",
"max": "1",
"min": 0,
"path": "Client.auth.password.token_format",
"type": [ {
"code": "string"
} ],
"short": "Format of the access token.",
"constraint": [ {
"key": "enum-1155",
"human": "Token format must be jwt",
"severity": "error",
"expression": "%context.subsetOf('jwt')"
} ]
}, {
"id": "Client.auth.password.access_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.password.access_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for access tokens in seconds."
}, {
"id": "Client.auth.password.refresh_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.password.refresh_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for refresh tokens in seconds."
}, {
"id": "Client.auth.implicit",
"max": "1",
"min": 0,
"path": "Client.auth.implicit",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Configuration for the implicit grant type."
}, {
"id": "Client.auth.implicit.redirect_uri",
"max": "1",
"min": 0,
"path": "Client.auth.implicit.redirect_uri",
"type": [ {
"code": "url"
} ],
"short": "Redirect URI for the implicit flow."
}, {
"id": "Client.auth.implicit.token_format",
"max": "1",
"min": 0,
"path": "Client.auth.implicit.token_format",
"type": [ {
"code": "string"
} ],
"short": "Format of the access token.",
"constraint": [ {
"key": "enum-1154",
"human": "Token format must be jwt",
"severity": "error",
"expression": "%context.subsetOf('jwt')"
} ]
}, {
"id": "Client.auth.implicit.audience",
"max": "*",
"min": 0,
"path": "Client.auth.implicit.audience",
"type": [ {
"code": "string"
} ],
"short": "Intended audience for issued tokens."
}, {
"id": "Client.auth.implicit.access_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.implicit.access_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for access tokens in seconds."
}, {
"id": "Client.auth.token_exchange",
"max": "1",
"min": 0,
"path": "Client.auth.token_exchange",
"type": [ {
"code": "BackboneElement"
} ],
"short": "Configuration for the token exchange grant type."
}, {
"id": "Client.auth.token_exchange.token_format",
"max": "1",
"min": 0,
"path": "Client.auth.token_exchange.token_format",
"type": [ {
"code": "string"
} ],
"short": "Format of the access token.",
"constraint": [ {
"key": "enum-1557",
"human": "Token format must be jwt",
"severity": "error",
"expression": "%context.subsetOf('jwt')"
} ]
}, {
"id": "Client.auth.token_exchange.access_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.token_exchange.access_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for access tokens in seconds."
}, {
"id": "Client.auth.token_exchange.refresh_token_expiration",
"max": "1",
"min": 0,
"path": "Client.auth.token_exchange.refresh_token_expiration",
"type": [ {
"code": "integer"
} ],
"short": "Expiration time for refresh tokens in seconds."
}, {
"id": "Client.auth.token_exchange.audience",
"max": "*",
"min": 0,
"path": "Client.auth.token_exchange.audience",
"type": [ {
"code": "string"
} ],
"short": "Intended audience for issued tokens."
}, {
"id": "Client.auth.token_exchange.refresh_token",
"max": "1",
"min": 0,
"path": "Client.auth.token_exchange.refresh_token",
"type": [ {
"code": "boolean"
} ],
"short": "Whether to issue refresh tokens with this grant type."
} ]
},
"baseDefinition": "http://hl7.org/fhir/StructureDefinition/DomainResource"
}