Stream: smart
Topic: Provider apps that launch standalone
Lakshmi Bhamidipati (Mar 01 2022 at 19:33):
I have a couple of questions related to generation of a token when a Provider/User smart app is launched outside of EHR. If the app requires a patient context, is the expectation that the app calls the "authorize" endpoint (assuming we are going with Authorization Code grant type in the oAuth flow) with launch/patient scope and the authorization server displays the patient lookup screen after provider authentication? My other question is - how will the "authorize" endpoint know if a provider or patient login screen be displayed for authentication. In the SMART App Launcher test page, I saw that "login_type=provider" or "login_type=patient" is being used. Thank you.
Josh Mandel (Mar 01 2022 at 20:48):
is the expectation that the app calls the "authorize" endpoint (assuming we are going with Authorization Code grant type in the oAuth flow) with launch/patient scope and the authorization server displays the patient lookup screen
Yes, if launch/patient scope or other patient/ scopes are requested. Handling this is part of the job of the "authorize" endpoint (i.e., knowing how to authenticate users, and knowing which users are allowed to access which records).
Last updated: Apr 12 2022 at 19:14 UTC
