SMART on FHIR

SMART Defines Two Patterns For Client Authorization
​Authorization via SMART App Launch​
Authorizes a user-facing client application (“App”) to connect to a FHIR Server. This pattern allows for “launch context” such as currently selected patient to be shared with the app, based on a user’s session inside an EHR or other health data software, or based on a user’s selection at launch time. Authorization allows for delegation of a user’s permissions to the app itself.
Launch App: Standalone Launch
In SMART’s standalone launch flow, a user selects an app from outside the EHR,
Launch App: EHR Launch
In SMART’s EHR launch flow, a user has established an EHR session, and then decides to launch an app. This could be a single-patient app (which runs in the context of a patient record), or a user-level app (like an appointment manager or a population dashboard).
The top-level steps for Smart App Launch are:
1.​Register App with EHR (one-time step, can be out-of-band)
2.Launch App: Standalone Launch or EHR Launch​
3.​Retrieve .well-known/smart-configuration​
4.​Obtain authorization code​
5.​Obtain access token​
6.​Access FHIR API​
7.​Refresh access token​
Check SMART App launch tutorial to launch Smart App locally
For Inferno compliance test check Aidbox sample​
​Authorization via SMART Backend Services​
Authorizes a headless or automated client application (“Backend Service”) to connect to a FHIR Server. This pattern allows for backend services to connect and interact with an EHR when there is no user directly involved in the launch process.

Access control lists (ACL)

Access policy dev tool

Last modified 18d ago

SMART on FHIR

​Authorization via SMART App Launch​

Launch App: Standalone Launch

Launch App: EHR Launch

The top-level steps for Smart App Launch are:

​Authorization via SMART Backend Services​

Authorization via SMART App Launch

Authorization via SMART Backend Services