Udap.Tefca.Server 0.8.1

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Udap.Tefca.Server --version 0.8.1
                    


                    

                
NuGet\Install-Package Udap.Tefca.Server -Version 0.8.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Udap.Tefca.Server" Version="0.8.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Udap.Tefca.Server" Version="0.8.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Udap.Tefca.Server" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Udap.Tefca.Server --version 0.8.1
                    


                    

                
#r "nuget: Udap.Tefca.Server, 0.8.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Udap.Tefca.Server@0.8.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Udap.Tefca.Server&version=0.8.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Udap.Tefca.Server&version=0.8.1
                    


                            Install as a Cake Tool

Udap.Tefca.Server

TEFCA community-specific validators for UDAP registration and token issuance, implementing the TEFCA SOP: Facilitated FHIR Implementation v2.0 requirements.

Setup

Register both the TEFCA model extensions and the validators:

// Register TEFCA authorization extension types (tefca_ias, etc.)
builder.Services.AddUdapTefcaExtensions();

// Register TEFCA community validators
builder.Services.AddUdapTefcaValidation(options =>
{
    options.Communities.Add("tefca://test-community");
});

AddUdapTefcaExtensions() comes from the Udap.Tefca.Model package and registers TEFCA-specific authorization extension object types. Call it before AddUdapTefcaValidation().

The default community URI (tefca://tefca) is included automatically. Use the options delegate to add additional communities.

What it enforces

Token request validation

Rule client_credentials authorization_code
Required extensions hl7-b2b none
Allowed purpose_of_use 12 TEFCA XP codes 12 TEFCA XP codes
Max purpose_of_use count 1 1
POU must match SAN URI yes yes
IAS + client_creds requires tefca_ias yes n/a

The allowed purpose_of_use codes come from the TEFCA SOP: Exchange Purposes v4.0 (OID: 2.16.840.1.113883.3.7204.1.5.2.1):

T-TREAT, T-REQTREAT, T-HPO, T-PAY, T-COC, T-HEDIS, T-QMR, T-PH, T-ECR, T-ELR, T-IAS, T-GBD

Registration validation

At dynamic client registration time, TefcaRegistrationValidator validates that the client certificate's SAN URI contains a valid TEFCA Exchange Purpose code in the fragment (e.g., https://example.com/fhir#T-TREAT).

IAS conditional logic

When a client is registered with exchange purpose T-IAS and requests a client_credentials token, the tefca_ias authorization extension object must be present in the request (SOP v2.0 Section 6.11).

SSRAA vs TEFCA comparison

Rule SSRAA TEFCA
hl7-b2b required client_credentials only client_credentials only
Allowed POU codes 62 (HL7 v3 full set) 12 (TEFCA XP subset)
Max POU count unlimited 1
POU must match SAN URI no yes
Registration validation none SAN URI XP code validation
IAS support n/a tefca_ias AEO required

How it works

TefcaTokenValidator and TefcaRegistrationValidator implement ICommunityTokenValidator and ICommunityRegistrationValidator respectively. At runtime:

  1. Registration: TefcaRegistrationValidator checks if the client's SAN URI contains a valid XP code fragment
  2. Token request: TefcaTokenValidator returns rules for the grant type, then validates that the purpose_of_use in the hl7-b2b extension matches the registered SAN URI's XP code

See Udap.Server for the full auth server setup and the Udap.Auth.Server example for a working reference.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.8.1 38 5/20/2026
0.8.0 93 5/15/2026
0.7.13 85 5/15/2026
0.7.12 112 4/1/2026
0.7.11 97 3/31/2026
0.7.10 94 3/31/2026
0.7.9 99 3/31/2026
0.7.8 98 3/30/2026
0.7.7 94 3/30/2026
0.7.6 99 3/30/2026
0.7.5 98 3/30/2026
0.7.4 99 3/29/2026
0.7.3 102 3/29/2026
0.7.2 105 3/28/2026