Stream: smart
Topic: launch and launch/patient scope in auth request
Sagar Shah (Sep 24 2020 at 11:47):
Can/should patient facing standalone app pass (or any app rather) pass both the scopes "launch" and "launch/patient" in auth request? I believe that's an error from the 3rd party app, but are there any rules on how Auth server is supposed to honor that request?
Josh Mandel (Sep 24 2020 at 12:57):
The expectation is that in the EHR Launch, an app that wants access to any launch context parameters should include a launch scope. If no more specific launch context requests are included, the server can convey whatever launch context it finds appropriate to share. Servers might choose to infer the launch scope when an app includes more specific launch context requests like launch/patient, but the general explanation is for clients is to include it launch .
For the apps using the Standalone Launch, they should provide specific launch context requests as needed.
Brian Postlethwaite (Jul 20 2021 at 03:41):
Reviewing the launch/patient scope, couldn't that also be appropriate for a smart client to request to indicate that it "requires" the patient context - and if the session doesn't currently have it, then it should get it.
Josh Mandel (Jul 20 2021 at 04:06):
For Standalone launches, that's precisely how it works. For EHR Launch, I don't think we go quite this far (since these apps are generally configured to launch from specific points in the workflow where relevant context exists).
Brian Postlethwaite (Jul 20 2021 at 04:10):
So that is assumed that it is in the "registration" of the SMART App into the EMR where that is known/configured rather than discovered?
Brian Postlethwaite (Jul 20 2021 at 04:10):
(makes sense)
Last updated: Apr 12 2022 at 19:14 UTC
