Configuration
Safire is configured in two places:
- Client configuration — the FHIR server URL, credentials, and OAuth parameters passed to
Safire::Client.new - Global configuration — the logger, log level, and HTTP logging behaviour set once via
Safire.configure
Architecture Overview
Safire::Client is the public entry point. It owns a ClientConfig (validated at construction) and lazily builds a protocol implementation when first used. See ADR-002 for the facade design rationale, ADR-003 for the protocol: / client_type: design, and ADR-006 for the lazy discovery design.
flowchart TD
A["Safire::Client.new(config, protocol: :smart, client_type: :public)"]
B["Safire::ClientConfig\n— validates URIs\n— masks sensitive attrs"]
C{protocol:}
D["Protocols::Smart\n— reads attrs from ClientConfig\n— owns HTTPClient"]
E["SmartMetadata\n(lazy — fetched on first use)"]
F["GET /.well-known/\nsmart-configuration"]
A -->|"resolves config"| B
A -->|"validates protocol + client_type"| C
C -->|":smart (default)"| D
C -->|":udap (planned)"| G["Protocols::Udap\n(future)"]
D -->|"lazily fetches"| E
E -->|"HTTP"| F
Quick Reference
protocol: and client_type: are keyword arguments to Safire::Client.new. All other parameters are keys in the configuration hash (or Safire::ClientConfig attributes).
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
base_url | String | Yes | — | FHIR server base URL |
client_id | String | Yes | — | OAuth2 client identifier |
redirect_uri | String | Yes | — | Registered callback URL |
protocol: | Symbol | No | :smart | Authorization protocol — :smart or :udap |
client_type: | Symbol | No | :public | SMART client type — :public, :confidential_symmetric, or :confidential_asymmetric |
client_secret | String | No | — | Required for :confidential_symmetric |
private_key | OpenSSL::PKey / String | No | — | RSA/EC private key; required for :confidential_asymmetric |
kid | String | No | — | Key ID matching the public key registered with the server |
jwt_algorithm | String | No | auto | RS384 or ES384; auto-detected from key type |
jwks_uri | String | No | — | URL to client’s public JWKS, included as jku in JWT header |
scopes | Array | No | — | Default scopes for authorization requests |
authorization_endpoint | String | No | — | Override the discovered authorization endpoint |
token_endpoint | String | No | — | Override the discovered token endpoint |
In This Section
- Client Setup — creating a client, protocol and client type selection, URI rules, and credential protection
- Logging — global logger setup, HTTP request logging, log levels, and environment variables