/AWS1/CL_HLLIDENTITYPVDRCONF¶

The identity provider configuration selected when the data store was created.

`CONSTRUCTOR`¶

IMPORTING¶

Required arguments:¶

`iv_authorizationstrategy` `TYPE /AWS1/HLLAUTHORIZATIONSTRATEGY` `/AWS1/HLLAUTHORIZATIONSTRATEGY`¶

The authorization strategy selected when the HealthLake data store is created.

HealthLake provides support for both SMART on FHIR V1 and V2 as described below.

SMART_ON_FHIR_V1 – Support for only SMART on FHIR V1, which includes read (read/search) and write (create/update/delete) permissions.

SMART_ON_FHIR – Support for both SMART on FHIR V1 and V2, which includes create, read, update, delete, and search permissions.

AWS_AUTH – The default HealthLake authorization strategy; not affiliated with SMART on FHIR.

Optional arguments:¶

`iv_finegrainedauthenabled` `TYPE /AWS1/HLLBOOLEAN` `/AWS1/HLLBOOLEAN`¶

The parameter to enable SMART on FHIR fine-grained authorization for the data store.

`iv_metadata` `TYPE /AWS1/HLLCONFIGURATIONMETADATA` `/AWS1/HLLCONFIGURATIONMETADATA`¶

The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.

authorization_endpoint: The URL to the OAuth2 authorization endpoint.

grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.

token_endpoint: The URL to the OAuth2 token endpoint.

capabilities: An array of strings of the SMART capabilities that the authorization server supports.

code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.

`iv_idplambdaarn` `TYPE /AWS1/HLLLAMBDAARN` `/AWS1/HLLLAMBDAARN`¶

The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.

Queryable Attributes¶

AuthorizationStrategy¶

The authorization strategy selected when the HealthLake data store is created.

HealthLake provides support for both SMART on FHIR V1 and V2 as described below.

SMART_ON_FHIR_V1 – Support for only SMART on FHIR V1, which includes read (read/search) and write (create/update/delete) permissions.

SMART_ON_FHIR – Support for both SMART on FHIR V1 and V2, which includes create, read, update, delete, and search permissions.

AWS_AUTH – The default HealthLake authorization strategy; not affiliated with SMART on FHIR.

Accessible with the following methods¶

Method	Description
`GET_AUTHORIZATIONSTRATEGY()`	Getter for AUTHORIZATIONSTRATEGY, with configurable default
`ASK_AUTHORIZATIONSTRATEGY()`	Getter for AUTHORIZATIONSTRATEGY w/ exceptions if field has
`HAS_AUTHORIZATIONSTRATEGY()`	Determine if AUTHORIZATIONSTRATEGY has a value

FineGrainedAuthorizationEnabled¶

The parameter to enable SMART on FHIR fine-grained authorization for the data store.

Accessible with the following methods¶

Method	Description
`GET_FINEGRAINEDAUTHENABLED()`	Getter for FINEGRAINEDAUTHENABLED

Metadata¶

The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.

authorization_endpoint: The URL to the OAuth2 authorization endpoint.

grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.

token_endpoint: The URL to the OAuth2 token endpoint.

capabilities: An array of strings of the SMART capabilities that the authorization server supports.

code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.

Accessible with the following methods¶

Method	Description
`GET_METADATA()`	Getter for METADATA, with configurable default
`ASK_METADATA()`	Getter for METADATA w/ exceptions if field has no value
`HAS_METADATA()`	Determine if METADATA has a value

IdpLambdaArn¶

The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.

Accessible with the following methods¶

Method	Description
`GET_IDPLAMBDAARN()`	Getter for IDPLAMBDAARN, with configurable default
`ASK_IDPLAMBDAARN()`	Getter for IDPLAMBDAARN w/ exceptions if field has no value
`HAS_IDPLAMBDAARN()`	Determine if IDPLAMBDAARN has a value

/AWS1/CL_HLLIDENTITYPVDRCONF¶

CONSTRUCTOR¶

IMPORTING¶

Required arguments:¶

iv_authorizationstrategy TYPE /AWS1/HLLAUTHORIZATIONSTRATEGY /AWS1/HLLAUTHORIZATIONSTRATEGY¶

Optional arguments:¶

iv_finegrainedauthenabled TYPE /AWS1/HLLBOOLEAN /AWS1/HLLBOOLEAN¶

iv_metadata TYPE /AWS1/HLLCONFIGURATIONMETADATA /AWS1/HLLCONFIGURATIONMETADATA¶

iv_idplambdaarn TYPE /AWS1/HLLLAMBDAARN /AWS1/HLLLAMBDAARN¶

Queryable Attributes¶

AuthorizationStrategy¶

Accessible with the following methods¶

FineGrainedAuthorizationEnabled¶

Accessible with the following methods¶

Metadata¶

Accessible with the following methods¶

IdpLambdaArn¶

Accessible with the following methods¶

`CONSTRUCTOR`¶

`iv_authorizationstrategy` `TYPE /AWS1/HLLAUTHORIZATIONSTRATEGY` `/AWS1/HLLAUTHORIZATIONSTRATEGY`¶

`iv_finegrainedauthenabled` `TYPE /AWS1/HLLBOOLEAN` `/AWS1/HLLBOOLEAN`¶

`iv_metadata` `TYPE /AWS1/HLLCONFIGURATIONMETADATA` `/AWS1/HLLCONFIGURATIONMETADATA`¶

`iv_idplambdaarn` `TYPE /AWS1/HLLLAMBDAARN` `/AWS1/HLLLAMBDAARN`¶