As an experiment in agentic coding in ObjectScript I'm using VS Code to try and create an implementation of an SFTP server.

SFTP is built on top of SSH, so the first phase involves implementing an SSH server. While working on the KEX part of that the agent (using GPT-5.3-Codex) reported:

1. IRIS has what we already need for signing and hashing: RSASHASign, RSASHAVerify, RSAGetLastError, SHAHash, SHA1Hash, SHA3Hash.
2. It does not list a Diffie-Hellman key exchange or modular exponentiation API in %SYSTEM.Encryption.

It then offered these options:

1. Keep using IRIS APIs for cert/key/sign/hash.

In v2026.2 (currently available as a Developer Preview), we are adding a feature that can help in a FHIR Endpoint SMART/OAuth authorization - more out-of-the-box flexibility in audience value validation.

. . . you are not alone. 

Help is available.

This took me a while to figure out, and I assume there may be others struggling too. I made my way through all the Entra stuff to set up a client credentials workflow to send email through a Microsoft 365 account. I was able to successfully retrieve my token, but I couldn't ever get it to authenticate with the SMTP server using the %Net.SMTP class. There were two parts to fixing this.

First, the authenticator's access token needs to be more than JUST the access token. It has to be formatted as:

set smtp.authenticator.AccessToken = "user="_emailaddress_$C(1)_"auth=Bearer "_token_$C(1,1)

A very important feature for HL7 FHIR has been introduced with the release of v2026.1 - the support for SMART on FHIR v2 fine-grained granular Scopes.

This enables you to be much stricter and more accurate in the access you provide to the data in your FHIR repository.

Part of this new support is to refuse requests that don't match the scopes, but an even more interesting ability is to filter the results according to the provided scopes.