SMART on FHIR
Find out which SMART on FHIR features Aidbox supports.
Launch sequences
Standalone launch
EHR launch (Portal)
Authorization flows
Authorization code for SMART apps
[WIP] client_credentials for pre-authorized backend services
Client Authentication
Symmetric (client secret)
[WIP] Asymmetric (JWT)
Scopes
User Identity
Active
openid
fhirUser
This pair of scopes permits the client to request details about the logged-in user. They enable the OpenID Connect id_token claim. When the fhirUser scope is used, the ID Token will contain a claim (also called fhirUser) that contains a link to the FHIR Resource associated with the logged-in user.
Active
openid
profile
This pair of scopes permits the client to request details about the logged-in user. They enable the OpenID Connect id_token claim. Using the profile scope is an alternative to the fhirUser scope discussed above, and is supported by Smile CDR, but it is deprecated in the SMART App Launch specification.
Refresh Tokens
WIP
online_access
This scope permits the client to be issued a Refresh Token upon authentication, and permits the user to exchange the Refresh Token for an Access Token. This scope has no effect for clients that do not support the refresh_token grant type.
Active
offline_access
This scope permits the client to be issued a Refresh Token upon authentication, and permits the user to exchange the Refresh Token for an Access Token. This scope has no effect for clients that do not support the refresh_token grant type.
Patient-specific scopes
Active
patient/[resourceType].read
This scope permits the client to read (read/search) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v1.
WIP
patient/[resourceType].write
This scope permits the client to write (create/update) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v1.
WIP
patient/[resourceType].c
This scope permits the client to create all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v2.
Active
patient/[resourceType].r
This scope permits the client to read (read) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v2.
WIP
patient/[resourceType].u
This scope permits the client to update all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v2.
WIP
patient/[resourceType].d
This scope permits the client to delete all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v2.
Active
patient/[resourceType].s
This scope permits the client to search all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).
SMART on FHIR v2.
Finer-grained resource constraints using search parameters
Aidbox supports scope restriction via query filters for the patient-specific search scope (patient/Encounter.s). Aidbox transforms FHIR search parameters for searches over a resource type into a query filter.
Example:
The FHIR spec supports the search parameter class for the Encounter search operation.
GET [fhir-base-url]/Encounter?class=AMB
This search parameter can also be used in a scope definition:
patient/Encounter.s?class=AMB
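An added example, not Aidbox's own code: a sketch of how a server could parse the scopes listed on this page and apply a scope's search-parameter filter to an incoming search. The function names, the v1-to-v2 suffix table and the sample grant are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# v1 suffixes expanded to v2 letters, following the descriptions on this page.
V1_SUFFIX = {"read": "rs", "write": "cu"}
# context/type.permissions[?filter]; v2 letters must keep the order c-r-u-d-s.
SCOPE_RE = re.compile(
    r"^(patient|user|system)/([A-Za-z]+|\*)"
    r"\.(read|write|(?=[cruds])c?r?u?d?s?)(?:\?(.+))?$"
)

def parse_scope(scope):
    """Parse one resource scope; return None for non-resource scopes."""
    m = SCOPE_RE.match(scope)
    if m is None:
        return None  # e.g. openid, fhirUser, offline_access
    context, rtype, perms, query = m.groups()
    return {
        "context": context,
        "type": rtype,
        "perms": set(V1_SUFFIX.get(perms, perms)),
        "filters": parse_qsl(query or "", keep_blank_values=True),
    }

def authorize_search(granted, rtype, params):
    """Return the searches the server may run: one per scope that allows
    searching rtype, each with that scope's filter appended. [] means deny."""
    allowed = []
    for raw in granted.split():
        s = parse_scope(raw)
        if s and s["type"] in (rtype, "*") and "s" in s["perms"]:
            # Repeated FHIR search parameters are AND-ed, so a client-sent
            # class=IMP cannot widen a scope limited to class=AMB.
            allowed.append(list(params) + s["filters"])
    return allowed

# Constructed sample grant, not taken from a real token.
GRANTED = "openid fhirUser patient/Encounter.s?class=AMB patient/Observation.read"

if __name__ == "__main__":
    print(authorize_search(GRANTED, "Encounter", [("class", "IMP")]))
    print(authorize_search(GRANTED, "Patient", []))
```

Each returned parameter list is one permitted search; when several scopes match, the results would be combined as a union.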
User-level scopes
WIP
System-level scopes
WIP