Amazon HealthLake · JSON Structure

Healthlake Identity Provider Configuration Structure

The identity provider configuration that you gave when the data store was created.

Type: object Properties: 4 Required: 1
FHIRHealth DataHealthcareHIPAACloud Computing

IdentityProviderConfiguration is a JSON Structure definition published by Amazon HealthLake, describing 4 properties, of which 1 is required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

AuthorizationStrategy FineGrainedAuthorizationEnabled Metadata IdpLambdaArn

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-healthlake/refs/heads/main/json-schema/healthlake-identity-provider-configuration-schema.json",
  "name": "IdentityProviderConfiguration",
  "type": "object",
  "required": [
    "AuthorizationStrategy"
  ],
  "properties": {
    "AuthorizationStrategy": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AuthorizationStrategy"
        },
        {
          "description": "The authorization strategy that you selected when you created the data store."
        }
      ]
    },
    "FineGrainedAuthorizationEnabled": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Boolean"
        },
        {
          "description": "If you enabled fine-grained authorization when you created the data store."
        }
      ]
    },
    "Metadata": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ConfigurationMetadata"
        },
        {
          "description": "<p>The JSON metadata elements that you want to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see <a href=\"https://build.fhir.org/ig/HL7/smart-app-launch/conformance.html#metadata\">Metadata</a> in SMART's App Launch specification.</p> <p> <code>authorization_endpoint</code>: The URL to the OAuth2 authorization endpoint.</p> <p> <code>grant_types_supported</code>: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are <code>authorization_code</code> and <code>client_credentials</code>.</p> <p> <code>token_endpoint</code>: The URL to the OAuth2 token endpoint.</p> <p> <code>capabilities</code>: An array of strings of the SMART capabilities that the authorization server supports.</p> <p> <code>code_challenge_methods_supported</code>: An array of strings of supported PKCE code challenge methods. You must include the <code>S256</code> method in the array of PKCE code challenge methods.</p>"
        }
      ]
    },
    "IdpLambdaArn": {
      "allOf": [
        {
          "$ref": "#/components/schemas/LambdaArn"
        },
        {
          "description": "The Amazon Resource Name (ARN) of the Lambda function that you want to use to decode the access token created by the authorization server."
        }
      ]
    }
  },
  "description": "The identity provider configuration that you gave when the data store was created."
}