SMART Scopes for Limiting Access

WORK IN PROGRESS

This functionality is available starting from version 2411 and only in

Aidbox supports SMART on FHIR scopes version 1 and version 2. To activate checking scopes in the Access Control layer, JWT access token has to contain the following claims:

Claim name

Value type

Description

* - required claim

Example

Parsed valid JWT access token

{
  "atv": 2,
  "aud": "https://example.edge.aidbox.app/fhir",
  "sub": "3d0efb80-9019-47a1-b361-e04538d871fe",
  "iss": "https://example.edge.aidbox.app",
  "exp": 1733234948,
  "scope": "launch/patient openid fhirUser offline_access patient/Condition.read patient/Observation.read patient/Patient.read",
  "jti": "53ed516a-3c81-4dcd-9551-7e953a93fc0e",
  "context": {
    "patient": "my-patient-id"
  },
  "iat": 1733234648
}

Patient data access API

For requests with patient scopes (patient/...) Aidbox limits access and filters retrieved data based on FHIR Patient CompartmentDefinition.

PreviousSMART on FHIR NextSMART App Launch

Last updated 15 hours ago