FHIR Chat · Azure + SMART · implementers

Stream: implementers

Topic: Azure + SMART


Eduardo Ferreira (Jan 23 2020 at 13:37):

Hello, I am currently trying out Azure API for FHIR together with SMART on FHIR's JS client.

I am struggling a bit with getting the right launch context back from the server after authenticating with my Microsoft Account. Does this require any special authentication setup? Do I need to play with the OpenID settings?

Also, how will Azure map a user (e-mail address) to a patient (Patient/ID) in order to limit access to resources? Does the patient ID have to match the username/email or can the Azure admin do the mapping manually when registering a new user?

Your help is very appreciated.

Lloyd McKenzie (Jan 23 2020 at 20:01):

@Michael Hansen

Michael Hansen (Jan 24 2020 at 01:43):

We have some limited support for the in-EHR flow but we do not attempt to map a token to a specific FHIR resource, nor do we respect or enforce SMART scopes. If you want to play with the SMART on FHIR proxy, here are the docs: https://docs.microsoft.com/en-us/azure/healthcare-apis/use-smart-on-fhir-proxy

Support for SMART on FHIR in an independent FHIR server with a stand-alone identity provider is not easy in general, since the identity provider is not aware of the FHIR data.

Eduardo Ferreira (Jan 24 2020 at 12:06):

> We have some limited support for the in-EHR flow but we do not attempt to map a token to a specific FHIR resource, nor do we respect or enforce SMART scopes. If you want to play with the SMART on FHIR proxy, here are the docs: https://docs.microsoft.com/en-us/azure/healthcare-apis/use-smart-on-fhir-proxy
>
> Support for SMART on FHIR in an independent FHIR server with a stand-alone identity provider is not easy in general, since the identity provider is not aware of the FHIR data.

Thanks Michael, I have the proxy set up according to the tutorials and below is the token response I get, which does not contain the "patient" key of course. When passing the "launch: '...'" key as a FHIR.oauth2.authorize argument, I get the "patient" key back and all works perfectly fine.

If token/resource mapping is not encouraged, would the only way to identify a patient be passing the "launch" argument as shown in the example documented?

Screenshot-2020-01-24-at-12.47.35.png

Christophe Mattler (Jan 31 2020 at 17:56):

Hi,
I don't know if this is related, but we're trying to implement SMART on FHIR on top of Active Directory Federation Service, and we haven't found how to implement the context parameters (e.g. patient). We send them in the launch parameter, but we don't know how to make AD FS interpret it and send the context back in the response.

Lloyd McKenzie (Jan 31 2020 at 22:34):

@Josh Mandel

Gino Canessa (Jan 31 2020 at 22:40):

@Michael Hansen

Michael Hansen (Jan 31 2020 at 22:46):

We have a (rudimentary) Azure AD proxy for SMART:
https://docs.microsoft.com/en-us/azure/healthcare-apis/use-smart-on-fhir-proxy
It only supports in-EHR flow and coverage is limited.


Last updated: Apr 12 2022 at 19:14 UTC