FHIR IG analytics| Package | io.health-samurai.core.r4b |
| Resource Type | StructureDefinition |
| Id | StructureDefinition-TokenIntrospector.json |
| FHIR Version | R4B |
| Source | https://simplifier.net/resolve?scope=io.health-samurai.core.r4b@0.2601.0&canonical=http://health-samurai.io/fhir/core/StructureDefinition/TokenIntrospector |
| URL | http://health-samurai.io/fhir/core/StructureDefinition/TokenIntrospector |
| Version | 0.2601.0 |
| Status | active |
| Name | TokenIntrospector |
| Type | TokenIntrospector |
| Kind | resource |
No resources found
| StructureDefinition | |
| IdentityProvider | IdentityProvider |
No narrative content found in resource
FHIR
FHIRsmith{
"derivation": "specialization",
"fhirVersion": "4.3.0",
"name": "TokenIntrospector",
"abstract": false,
"type": "TokenIntrospector",
"resourceType": "StructureDefinition",
"status": "active",
"id": "TokenIntrospector",
"kind": "resource",
"url": "http://health-samurai.io/fhir/core/StructureDefinition/TokenIntrospector",
"version": "0.2601.0",
"differential": {
"element": [
{
"id": "TokenIntrospector",
"path": "TokenIntrospector",
"min": 0,
"max": "*",
"constraint": [
{
"key": "cont-11",
"severity": "error",
"human": "When type equals 'jwt' resource.jwt must be present",
"expression": "(%resource.type = 'jwt') implies %resource.jwt.exists()"
},
{
"key": "cont-12",
"severity": "error",
"human": "When 'jwks_uri' present resource.jwt.iss must be present as well",
"expression": "%resource.jwks_uri.exists() implies %resource.jwt.iss.exists()"
}
]
},
{
"id": "TokenIntrospector.type",
"path": "TokenIntrospector.type",
"short": "Specifies the type of token to introspect.",
"min": 1,
"max": "1",
"type": [
{
"code": "string"
}
],
"constraint": [
{
"key": "enum-1007",
"severity": "error",
"human": "Type must be one of: opaque, jwt, aspxauth",
"expression": "%context.subsetOf('opaque' | 'jwt' | 'aspxauth')"
}
]
},
{
"id": "TokenIntrospector._source",
"path": "TokenIntrospector._source",
"short": "System Property. DO NOT USE IT.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.jwks_uri",
"path": "TokenIntrospector.jwks_uri",
"short": "A URL pointing to a JSON Web Key Set (JWKS). When type is jwt the introspector retrieves public keys from this URI to validate token signatures.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.jwt",
"path": "TokenIntrospector.jwt",
"short": "Configuration for local JWT validation used when type is jwt.",
"min": 0,
"max": "1",
"type": [
{
"code": "BackboneElement"
}
],
"constraint": [
{
"key": "cont-10",
"severity": "error",
"human": "Exactly one of jwt.secret or jwt.keys or jwks_uri with jwt.iss MUST be present",
"expression": "(%context.secret.exists() xor %context.keys.exists() xor (%context.iss.exists() and %resource.jwks_uri.exists())) and (%context.secret.exists() and %context.keys.exists() and %context.iss.exists() and %resource.jwks_uri.exists()).not()"
}
]
},
{
"id": "TokenIntrospector.jwt.iss",
"path": "TokenIntrospector.jwt.iss",
"short": "The expected issuer (iss) claim value for JWTs. The TokenIntrospector ensures that tokens it validates come from this issuer.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.jwt.secret",
"path": "TokenIntrospector.jwt.secret",
"short": "A shared secret key or other signing key material used to verify the JWT's signature.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.jwt.keys",
"path": "TokenIntrospector.jwt.keys",
"short": "The set of keys to use for validation.",
"min": 0,
"max": "*",
"type": [
{
"code": "BackboneElement"
}
]
},
{
"id": "TokenIntrospector.jwt.keys.k",
"path": "TokenIntrospector.jwt.keys.k",
"short": "The symmetric key to use for validation.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.jwt.keys.pub",
"path": "TokenIntrospector.jwt.keys.pub",
"short": "The asymmetric key to use for validation.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.jwt.keys.kty",
"path": "TokenIntrospector.jwt.keys.kty",
"short": "The key type to use for validation.",
"min": 1,
"max": "1",
"type": [
{
"code": "string"
}
],
"constraint": [
{
"key": "enum-1160",
"severity": "error",
"human": "Key type must be one of: RSA, EC, OCT",
"expression": "%context.subsetOf('RSA' | 'EC' | 'OCT')"
}
]
},
{
"id": "TokenIntrospector.jwt.keys.alg",
"path": "TokenIntrospector.jwt.keys.alg",
"short": "The algorithm to use for validation.",
"min": 1,
"max": "1",
"type": [
{
"code": "string"
}
],
"constraint": [
{
"key": "enum-1161",
"severity": "error",
"human": "Algorithm must be one of: RS256, RS384, ES256, HS256",
"expression": "%context.subsetOf('RS256' | 'RS384' | 'ES256' | 'HS256')"
}
]
},
{
"id": "TokenIntrospector.jwt.keys.format",
"path": "TokenIntrospector.jwt.keys.format",
"short": "The format of the key to use for validation. 'plain' for symmetric algs (HS256) and 'PEM' for all asymmetric algs",
"min": 1,
"max": "1",
"type": [
{
"code": "string"
}
],
"constraint": [
{
"key": "enum-1162",
"severity": "error",
"human": "Format must be one of: PEM, plain",
"expression": "%context.subsetOf('PEM' | 'plain')"
}
]
},
{
"id": "TokenIntrospector.introspection_endpoint",
"path": "TokenIntrospector.introspection_endpoint",
"short": "Remote introspection endpoint configuration.",
"min": 0,
"max": "1",
"type": [
{
"code": "BackboneElement"
}
]
},
{
"id": "TokenIntrospector.introspection_endpoint.url",
"path": "TokenIntrospector.introspection_endpoint.url",
"short": "The fully qualified URL of the remote introspection endpoint.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.introspection_endpoint.authorization",
"path": "TokenIntrospector.introspection_endpoint.authorization",
"short": "The authorization header value.",
"min": 0,
"max": "1",
"type": [
{
"code": "string"
}
]
},
{
"id": "TokenIntrospector.identity_provider",
"path": "TokenIntrospector.identity_provider",
"short": "Link to Identity provider associated with the token introspector.",
"min": 0,
"max": "1",
"type": [
{
"code": "Reference",
"targetProfile": [
"http://health-samurai.io/fhir/core/StructureDefinition/IdentityProvider"
]
}
]
}
]
},
"baseDefinition": "http://hl7.org/fhir/StructureDefinition/DomainResource"
}