OptionalissFHIR server base URL. Required for standalone launch; ignored if present in launchUrl query.
OptionallaunchEHR launch parameter. Usually comes from launchUrl query, not config.
OAuth 2.0 client identifier.
Space-separated scope string. launch scope is auto-appended for EHR launches if missing.
Absolute redirect URI registered with the authorization server.
OptionalclientConfidential client secret (server-side only). Not persisted in pending or session; pass it again to token refresh/revocation helpers.
OptionalpkcePKCE behavior.
ifSupported (default) — enable PKCE iff server advertises S256 in code_challenge_methods_supported.
required — throw if S256 is not advertised.
disabled — never use PKCE.
OptionalissOptional allow-list for the resolved iss, guarding against arbitrary-iss CSRF.
OptionallaunchFull URL of the current launch request — used to extract iss and launch from query parameters.
OptionalwellPass-through RequestInit for the discovery request.
Configuration accepted by
authorize.Standalone vs EHR launch is determined by inspecting
launchUrl: if it carriesissandlaunchquery parameters the request is treated as an EHR launch and those values overrideiss/launchfrom config.