IdentityProviderConfiguration

The authorization strategy selected when the data store was created.

Type: String

Valid Values: SMART_ON_FHIR_V1 | AWS_AUTH

Required: Yes

The parameter to enable SMART on FHIR fine-grained authorization for the data store.

Type: Boolean

Required: No

The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.

Type: String

Length Constraints: Minimum length of 49. Maximum length of 256.

Pattern: arn:aws:lambda:[a-z]{2}-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9\-_\.]+(:(\$LATEST|[a-zA-Z0-9\-_]+))?

Required: No

The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.

authorization_endpoint: The URL to the OAuth2 authorization endpoint.

grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.

token_endpoint: The URL to the OAuth2 token endpoint.

capabilities: An array of strings of the SMART capabilities that the authorization server supports.

code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.

Type: String

Required: No