Client

Clients represent applications (agents) interacting with API on behalf of the user or yourself.

Here is a list of key attributes for Client:

Attribute

Description

id

Unique id of client

secret

Secret used to confirm client identity in Basic Auth or Authorization Code Flows for example

grant_types

List of allowed ways to get access to API: basic, code, implicit, password, client_credentials

First Party

Sometimes there is one major application on top of your API.

Clients with attribute.first_party = true

Basic Auth

basic-client.yaml
resourceType: Client
grant_types: ['basic']

OAuth 2.0: Client Credentials

client-credentials
resourceType: Client
grant_types: ['basic']

OAuth 2.0: User Password

user-password
resourceType: Client
id: password-client
grant_types: ['basic']

OAuth 2.0: Authorization Code

auth-code-client
resourceType: Client
id: code-client
grant_types: ['code']

OAuth 2.0: Implicit

implicit-client
resourceType: Client
id: implicit-client
grant_types: ['implicit']

SMART on FHIR

smart-client
resourceType: Client
id: smart-client
grant_types: ['basic']