Stream: smart
Topic: SMART app Launch in EHR
Nihar (Jul 01 2021 at 06:58):
Hi...!!! We are trying to implement the Launch EHR Sequence and need clarity on the Launch URL, in terms of the launch context parameter using JWT:
When we are using JWT encoding under the launch parameter, do we also need to send the specific parameters of user and patient for setting the context?
E.g. an EHR user already has an active session and the same user is launching the app under the EHR instance:
{
"alg": "HS256",
"typ": "JWT"
}
{
"iss": "http://ehr.example.com",
"ctx": {"user": "87a339d0-8cae-418e-89c7-8651e6aab3c6"},
"scope": "launch"
}
Now, which of the following launch URLs is correct for app launch:
https%3A%2F%2FFHIRBaseURL%2Flaunch.html?iss=http%3A%2F%2Fehr.example.com&launch=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vZWhyLmV4YW1wbGUuY29tIiwiY3R4Ijp7InVzZXIiOiI4N2EzMzlkMC04Y2FlLTQxOGUtODljNy04NjUxZTZhYWIzYzYifSwic2NvcGUiOiJsYXVuY2gifQ.gZer_vNGXDuR63A6QzrPG7IbDDD67jhWybS1A4UJbXI
OR
https%3A%2F%2FFHIRBaseURL%2Flaunch.html?iss=http%3A%2F%2Fehr.example.com&launch=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vZWhyLmV4YW1wbGUuY29tIiwiY3R4Ijp7InVzZXIiOiI4N2EzMzlkMC04Y2FlLTQxOGUtODljNy04NjUxZTZhYWIzYzYifSwic2NvcGUiOiJsYXVuY2gifQ.gZer_vNGXDuR63A6QzrPG7IbDDD67jhWybS1A4UJbXI&user=87a339d0-8cae-418e-89c7-8651e6aab3c6
Please suggest...Thanks in advance!!!
Mikael Rinnetmäki (Jul 01 2021 at 12:53):
From what I've seen, the first call is the more common one. You give the client the iss and launch parameters. The client then passes the launch parameter back when asking for a token; that's how your EHR can identify the context (the user and the patient). If the client wishes to know the user, it should add either the openid or the fhirUser scope in the token request (http://www.hl7.org/fhir/smart-app-launch/#step-3-app-exchanges-authorization-code-for-access-token), and would then get the id_token object with the info of the user.
Michele Mottini (Jul 01 2021 at 12:55):
Yes, first one
Mikael Rinnetmäki (Jul 01 2021 at 12:58):
And this is regardless of whether you use JWT or not. The launch parameter should be just an opaque string to the client; the client should not even try to parse it.
Last updated: Apr 12 2022 at 19:14 UTC