Login
Login event and session details.
- Schema
Elements
| Name | Required | Type | Description |
|---|---|---|---|
| client | Reference<ClientApplication> | DetailsThe client requesting the code. | |
| profileType | code | DetailsOptional required profile resource type. | |
| project | Reference<Project> | DetailsOptional required project for the login. | |
| user | ✓ | Reference< Bot | ClientApplication | User > | DetailsThe user requesting the code. |
| membership | Reference<ProjectMembership> | DetailsReference to the project membership which includes FHIR identity (patient, practitioner, etc), access policy, and user configuration. | |
| scope | string | DetailsOAuth scope or scopes. | |
| authMethod | ✓ | code | DetailsThe authentication method used to obtain the code (password or google). |
| authTime | ✓ | instant | DetailsTime when the End-User authentication occurred. |
| cookie | string | DetailsThe cookie value that can be used for session management. | |
| code | string | DetailsThe authorization code generated by the authorization server. The authorization code MUST expire shortly after it is issued to mitigate the risk of leaks. A maximum authorization code lifetime of 10 minutes is RECOMMENDED. The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code. The authorization code is bound to the client identifier and redirection URI. | |
| codeChallenge | string | DetailsPKCE code challenge presented in the authorization request. | |
| codeChallengeMethod | code | DetailsOPTIONAL, defaults to "plain" if not present in the request. Code verifier transformation method is "S256" or "plain". | |
| refreshSecret | string | DetailsOptional secure random string that can be used in an OAuth refresh token. | |
| nonce | string | DetailsOptional cryptographically random string that your app adds to the initial request and the authorization server includes inside the ID Token, used to prevent token replay attacks. | |
| mfaVerified | boolean | DetailsWhether the user has verified using multi-factor authentication (MFA). This will only be set is the user has MFA enabled (see User.mfaEnrolled). | |
| granted | boolean | DetailsWhether a token has been granted for this login. | |
| revoked | boolean | DetailsWhether this login has been revoked or invalidated. | |
| admin | boolean | DetailsDEPRECATED | |
| superAdmin | boolean | DetailsWhether this login has super administrator privileges. | |
| launch | Reference<SmartAppLaunch> | DetailsOptional SMART App Launch context for this login. | |
| remoteAddress | string | DetailsThe Internet Protocol (IP) address of the client or last proxy that sent the request. | |
| userAgent | string | DetailsThe User-Agent request header as sent by the client. |
Search Parameters
| Name | Type | Description | Expression |
|---|---|---|---|
| user | reference | The user of the login | Login.user |
| code | token | The code of the login | Login.code |
| cookie | token | The cookie code of the login | Login.cookie |
Inherited Elements
| Name | Required | Type | Description |
|---|---|---|---|
| id | string | Logical id of this artifact DetailsThe logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes. | |
| meta | Meta | DetailsThe metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource. | |
| implicitRules | uri | DetailsA reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc. | |
| language | code | DetailsThe base language in which the resource is written. |