FHIR Chat · Design patterns for authorizing into app backend · smart

Stream: smart

Topic: Design patterns for authorizing into app backend


Gaurav Trivedi (Jun 10 2021 at 14:42):

Hello everyone, I was looking for some advice on design patterns for authorizing my SMART app to its backend service. I want to be able to make calls to REST endpoints in my backend service from the provider-facing SMART app launched by the EMR. If the provider is authenticated by the EMR, then I wouldn't want them to log in again to the backend service of my SMART app for my use case. I was wondering if there are other folks who have thought about this and can advise on designing this authorization flow. It would be super helpful to see any example app with such a design.

Michele Mottini (Jun 10 2021 at 15:08):

Single sign-on using OpenID Connect is the standard way to do that - most SMART-on-FHIR servers support it

Gaurav Trivedi (Jun 10 2021 at 17:29):

Thanks! This is what I was looking for. Would you know if there is a list of vendors that support OpenID Connect?

Josh Mandel (Jun 10 2021 at 17:35):

This is part of the SMART App Launch spec, so certified EHRs in the US support it or will support it in the next year.

Josh Mandel (Jun 10 2021 at 17:36):

E.g., you can review fhir.epic.com and code.cerner.com to see support from major vendors today.


Last updated: Apr 12 2022 at 19:14 UTC