Adding Clients for Inferno tests
A Client can be added with predefined secret and without. Sometimes it's important to add a Client resource without predefined id and secret.
Client with predefined secret and id
To create or update a Client with predefined secret and id.
http
PUT /Client/inferno-confidential-patient-smart-app
Content-Type: text/yaml
secret: inferno-confidential-patient-smart-app-secret
type: patient-facing-smart-app
active: true
grant_types:
- authorization_code
auth:
authorization_code:
pkce: false
redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
refresh_token: true
secret_required: true
access_token_expiration: 300
smart:
launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'idof the Client is defined within the uri. It's ainfernoconfidentialpatientsmartappvaluesecretis defined in the request body. The secret value isinfernoconfidentialpatientsmartappsecret
Client without predefined secret and id (patient confidential app)
To create a Client without predefined secret and client id use the smartbox.portal.developer.rpc/save-developer-application RPC method.
http
POST /rpc
Content-Type: text/yaml
method: smartbox.portal.developer.rpc/save-developer-application
params:
confidentiality:
value: confidential
name: some-app-name
description: some-app-name
redirect-url: http://redirect
launch-url: http://launch
logo-url: http://logo
org-name: org-name
org-url: http://org
policy-url: http://policy
tos-url: http://toshttp
status: 200
result:
id: b2f66062-4beb-43c8-a32c-aa072134185c # generated id of the Created client
message: Application saved successfullyRequest parameters
confidentialityis a set of two options:confidentialandpublic. In the example above theconfidentialis chosenapplicationnameis the application namedescriptionis the application descriptionredirecturlis the redirect uri of the applicationlaunchuriis the launch uri pf the applicationlogourlis the url of the application logo fileorgnameis the name of the company application belongs toorgurlis the url of the compamy's websitepolicyurlis the link to the application policy pagetosurlis the link to the application term of services page
How to get Client secret
Use id we received oŅ the previous step to request Client details. The secret contains generated value.
http
GET /Client/b2f66062-4beb-43c8-a32c-aa072134185c
Content-Type: text/yamldescription: some-app-name name: some-app-name type: patient-facing-smart-app grant_types: - authorization_code - basic resourceType: Client auth: authorization_code: redirect_uri: http://redirect refresh_token: true secret_required: true access_token_expiration: 300 secret: M2JmODllMjItNzBiNC00MzM5LTkyMDktMDAxMzM4MGM5OTk2 details: user: name: {} user-id: admin logo-url: http://logo organization: url: http://org name: org-name service-terms: http://tos privacy-policy-url: http://policy active: true id: >- b2f66062-4beb-43c8-a32c-aa072134185c smart: launch_uri: http://launchClient without predefined id (patient public app)
To create a Client without predefined id use the smartbox.portal.developer.rpc/save-developer-application RPC method.
http
POST /rpc
Content-Type: text/yaml
method: smartbox.portal.developer.rpc/save-developer-application
params:
confidentiality:
value: public
name: public-app-name
description: public-app-name
redirect-url: http://public.redirect
launch-url: http://public.launch
logo-url: http://public.logo
org-name: public-org-name
org-url: http://public.org
policy-url: http://public.policy
tos-url: http://public.toshttp
status: 200
result:
id: 068c221b-65e5-496c-82d0-53874d3d8714
message: Application saved successfullyRequest parameters
confidentialityis a set of two options:confidentialandpublic. In the example above thepublicis chosenapplicationnameis the application namedescriptionis the application descriptionredirecturlis the redirect uri of the applicationlaunchuriis the launch uri pf the applicationlogourlis the url of the application logo fileorgnameis the name of the company application belongs toorgurlis the url of the compamy's websitepolicyurlis the link to the application policy pagetosurlis the link to the application term of services page
Client for provider usage
Provider SMART App must have a tenant link (see Multitenancy approach and What is Tenant articles). To create a Client for provider use the following request.
http
POST /Client
Content-Type: text/yaml
type: provider-facing-smart-app
name: provider-app-name
description: provider-app-description
grant_types:
- authorization_code
resourceType: Client
smart:
launch_uri: http://launch
auth:
authorization_code:
pkce: true
redirect_uri: http://redirect
refresh_token: true
secret_required: false
access_token_expiration: 300
details:
logo-uri: http://logo
meta:
_tenant: my-clinichttp
status: 201
description: provider-app-description
meta:
_tenant: my-clinic
name: provider-app-name
type: provider-facing-smart-app
grant_types:
- authorization_code
resourceType: Client
auth:
authorization_code:
pkce: true
redirect_uri: http://redirect
refresh_token: true
secret_required: false
access_token_expiration: 300
details:
logo-uri: http://logo
id: dfd4d79b-b3e3-4b66-a890-3059fc81f37f
smart:
launch_uri: http://launchNotice meta._tenant in the request containing the id of the tenant
Client for Bulk API
Bulk API Client must have a tenant link (see Multitenancy approach and What is Tenant articles). To create a Bulk API Client use the following request.
http
POST /Client
name: bulk-app-name
jwks_uri: http://jwks-uri
auth:
client_credentials:
client_assertion_types:
- urn:ietf:params:oauth:client-assertion-type:jwt-bearer
access_token_expiration: 300
type: bulk-api-client
scope:
- system/*.read
grant_types:
- client_credentials
meta:
_tenant: my-clinichttp
Status: 201
meta:
_tenant: my-clinic
name: bulk-app-name
type: bulk-api-client
grant_types:
- client_credentials
resourceType: Client
scope:
- system/*.read
auth:
client_credentials:
client_assertion_types:
- urn:ietf:params:oauth:client-assertion-type:jwt-bearer
access_token_expiration: 300
id: bb88c359-e080-4bc8-9418-47536f1c49f5
jwks_uri: http://jwks-uriNotice meta._tenant in the request containing the id of the tenant