SMART on FHIR

Learn which SMART on FHIR features are supported in Aidbox.

Launch sequences

  1. Standalone launch

  2. EHR launch (Portal)

Authorization flows

  1. Authorization code for SMART apps

  2. [WIP] client_credentials for pre-authorized backend services

Client Authentication

  1. Symmetric (client secret)

  2. [WIP] Asymmetric (JWT)

Scopes

User Identity

| Status | Scope | Description |
|---|---|---|
| Active | openid fhirUser | This pair of scopes permits the client to request details about the logged-in user. They enable the OpenID Connect id_token claim. When the fhirUser scope is used, the ID Token will contain a claim (also called fhirUser) that contains a link to the FHIR Resource associated with the logged-in user. |
| Active | openid profile | This pair of scopes permits the client to request details about the logged-in user. They enable the OpenID Connect id_token claim. Using the profile scope is an alternative to the fhirUser scope discussed above, and is supported by Smile CDR, but it is deprecated in the SMART App Launch specification. |

Refresh Tokens

| Status | Scope | Description |
|---|---|---|
| WIP | online_access | This scope permits the client to be issued a Refresh Token upon authentication, and permits the user to exchange the Refresh Token for an Access Token. This scope has no effect for clients that do not support the refresh_token grant type. |
| Active | offline_access | This scope permits the client to be issued a Refresh Token upon authentication, and permits the user to exchange the Refresh Token for an Access Token. This scope has no effect for clients that do not support the refresh_token grant type. |

Patient-specific scopes

| Status | Scope | Description |
|---|---|---|
| Active | patient/[resourceType].read | This scope permits the client to read (read/search) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v1. |
| WIP | patient/[resourceType].write | This scope permits the client to write (create/update) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v1. |
| WIP | patient/[resourceType].c | This scope permits the client to create all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v2. |
| Active | patient/[resourceType].r | This scope permits the client to read (read) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v2. |
| WIP | patient/[resourceType].u | This scope permits the client to update all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v2. |
| WIP | patient/[resourceType].d | This scope permits the client to delete all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v2. |
| Active | patient/[resourceType].s | This scope permits the client to search all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation). SMART on FHIR v2. |

Finer-grained resource constraints using search parameters

Aidbox supports scope restriction via query filters for patient-specific search scopes (e.g. patient/Encounter.s). Aidbox transforms the FHIR search parameters given in the scope into a query filter applied to searches over that resource type.

Example:

The FHIR spec supports the search parameter class for the Encounter search operation.

GET [fhir-base-url]/Encounter?class=AMB

This search parameter can be used in a scope definition:

patient/Encounter.s?class=AMB
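
The sketch below is an added example, not Aidbox's implementation: it shows how a server could turn a granted scope such as patient/Encounter.s?class=AMB into a mandatory query filter that the client's own parameters cannot override. It covers only the search-parameter filter; the function names parse_scope and constrain_search and the sample scope string are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlencode

# SMART v1 permission names mapped onto SMART v2 permission letters
V1_PERMS = {"read": "rs", "write": "cud", "*": "cruds"}
RESOURCE_SCOPE = re.compile(r"(patient|user|system)/(\w+|\*)\.(\w+|\*)")

def parse_scope(scope):
    """Split a resource scope into (context, resource_type, perms, filters).

    Returns None for non-resource scopes such as openid or offline_access.
    """
    head, _, query = scope.partition("?")
    m = RESOURCE_SCOPE.fullmatch(head)
    if not m:
        return None
    context, rtype, perm = m.groups()
    perms = set(V1_PERMS.get(perm, perm))
    if not perms <= set("cruds"):
        return None  # unknown permission suffix: grant nothing
    return context, rtype, perms, parse_qsl(query)

def constrain_search(granted, rtype, client_query):
    """Return the query string to execute for a search, or None if denied.

    Simplification: the first matching scope wins, which can under-grant
    but never over-grant when several scopes cover the same resource type.
    """
    for scope in granted.split():
        parsed = parse_scope(scope)
        if parsed is None:
            continue
        context, s_rtype, perms, filters = parsed
        if context == "patient" and s_rtype in (rtype, "*") and "s" in perms:
            # Scope filters are added to the client's parameters, never
            # replaced by them. FHIR ANDs repeated parameters, so a client
            # asking for class=IMP under a class=AMB scope matches nothing.
            return urlencode(filters + parse_qsl(client_query))
    return None

if __name__ == "__main__":
    granted = "openid fhirUser patient/Encounter.s?class=AMB"  # constructed sample
    for q in ("date=ge2024-01-01", "class=IMP"):
        print(q, "->", constrain_search(granted, "Encounter", q))
    print(constrain_search(granted, "Observation", ""))
```

Appending the scope's filter instead of letting the client value replace it is the point: the token holder can narrow the result set but cannot widen it past what the scope allows.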

User-level scopes

WIP

System-level scopes

WIP
