Aidbox
Search
⌃K

Adding Clients for Inferno tests

This article explains how Clients for Inferno can be created
A Client can be added with predefined secret and without. Sometimes it's important to add a Client resource without predefined id and secret.

Client with predefined secret and id

To create or update a Client with predefined secret and id.
PUT /Client/inferno-confidential-patient-smart-app
Content-Type: text/yaml
secret: inferno-confidential-patient-smart-app-secret
type: patient-facing-smart-app
active: true
grant_types:
- authorization_code
auth:
authorization_code:
pkce: false
redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
refresh_token: true
secret_required: true
access_token_expiration: 300
smart:
launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'
  • id of the Client is defined within the uri. It's a inferno-confidential-patient-smart-app value
  • secret is defined in the request body. The secret value is inferno-confidential-patient-smart-app-secret

Client without predefined secret and id (patient confidential app)

To create a Client without predefined secret and client id use the smartbox.portal.developer.rpc/save-developer-application RPC method.
Request
Response
POST /rpc
Content-Type: text/yaml
method: smartbox.portal.developer.rpc/save-developer-application
params:
confidentiality:
value: confidential
name: some-app-name
description: some-app-name
redirect-url: http://redirect
launch-url: http://launch
logo-url: http://logo
org-name: org-name
org-url: http://org
policy-url: http://policy
tos-url: http://tos
status: 200
result:
id: b2f66062-4beb-43c8-a32c-aa072134185c # generated id of the Created client
message: Application saved successfully

Request parameters

  • confidentiality is a set of two options: confidential and public. In the example above the confidential is chosen
  • application-name is the application name
  • description is the application description
  • redirect-url is the redirect uri of the application
  • launch-uri is the launch uri pf the application
  • logo-url is the url of the application logo file
  • org-name is the name of the company application belongs to
  • org-url is the url of the compamy's website
  • policy-url is the link to the application policy page
  • tos-url is the link to the application term of services page

How to get Client secret

Use id we received oт the previous step to request Client details. The secret contains generated value.
Request
Response
GET /Client/b2f66062-4beb-43c8-a32c-aa072134185c
Content-Type: text/yaml
description: some-app-name
name: some-app-name
type: patient-facing-smart-app
grant_types:
- authorization_code
- basic
resourceType: Client
auth:
authorization_code:
redirect_uri: http://redirect
refresh_token: true
secret_required: true
access_token_expiration: 300
secret: M2JmODllMjItNzBiNC00MzM5LTkyMDktMDAxMzM4MGM5OTk2
details:
user:
name: {}
user-id: admin
logo-url: http://logo
organization:
url: http://org
name: org-name
service-terms: http://tos
privacy-policy-url: http://policy
active: true
id: >-
b2f66062-4beb-43c8-a32c-aa072134185c
smart:
launch_uri: http://launch

Client without predefined id (patient public app)

To create a Client without predefined id use the smartbox.portal.developer.rpc/save-developer-application RPC method.
Request
Response
POST /rpc
Content-Type: text/yaml
method: smartbox.portal.developer.rpc/save-developer-application
params:
confidentiality:
value: public
name: public-app-name
description: public-app-name
redirect-url: http://public.redirect
launch-url: http://public.launch
logo-url: http://public.logo
org-name: public-org-name
org-url: http://public.org
policy-url: http://public.policy
tos-url: http://public.tos
status: 200
result:
id: 068c221b-65e5-496c-82d0-53874d3d8714
message: Application saved successfully

Request parameters

  • confidentiality is a set of two options: confidential and public. In the example above the public is chosen
  • application-name is the application name
  • description is the application description
  • redirect-url is the redirect uri of the application
  • launch-uri is the launch uri pf the application
  • logo-url is the url of the application logo file
  • org-name is the name of the company application belongs to
  • org-url is the url of the compamy's website
  • policy-url is the link to the application policy page
  • tos-url is the link to the application term of services page

Client for provider usage

Provider SMART App must have a tenant link (see this and that articles). To create a Client for provider use the following request.
Request
Response
POST /Client
Content-Type: text/yaml
type: provider-facing-smart-app
name: provider-app-name
description: provider-app-description
grant_types:
- authorization_code
resourceType: Client
smart:
launch_uri: http://launch
auth:
authorization_code:
pkce: true
redirect_uri: http://redirect
refresh_token: true
secret_required: false
access_token_expiration: 300
details:
logo-uri: http://logo
meta:
_tenant: my-clinic
status: 201
description: provider-app-description
meta:
_tenant: my-clinic
name: provider-app-name
type: provider-facing-smart-app
grant_types:
- authorization_code
resourceType: Client
auth:
authorization_code:
pkce: true
redirect_uri: http://redirect
refresh_token: true
secret_required: false
access_token_expiration: 300
details:
logo-uri: http://logo
id: dfd4d79b-b3e3-4b66-a890-3059fc81f37f
smart:
launch_uri: http://launch
Notice meta._tenant in the request containing the id of the tenant

Client for Bulk API

Bulk API Client must have a tenant link (see this and that articles). To create a Bulk API Client use the following request.
Request
Response
POST /Client
name: bulk-app-name
jwks_uri: http://jwks-uri
auth:
client_credentials:
client_assertion_types:
- urn:ietf:params:oauth:client-assertion-type:jwt-bearer
access_token_expiration: 300
type: bulk-api-client
scope:
- system/*.read
grant_types:
- client_credentials
meta:
_tenant: my-clinic
Status: 201
meta:
_tenant: my-clinic
name: bulk-app-name
type: bulk-api-client
grant_types:
- client_credentials
resourceType: Client
scope:
- system/*.read
auth:
client_credentials:
client_assertion_types:
- urn:ietf:params:oauth:client-assertion-type:jwt-bearer
access_token_expiration: 300
id: bb88c359-e080-4bc8-9418-47536f1c49f5
jwks_uri: http://jwks-uri
Notice meta._tenant in the request containing the id of the tenant