SMART authorization & FHIR access: overview

An app (confidential or public) can launch from within an existing EHR session, which is known as an EHR launch. Alternatively, it can launch as a standalone app.

In an EHR launch, an opaque handle to the EHR context is passed along to the app as part of the launch URL. The app will later include this context handle as a scope parameter when it requests authorization to access resources. Note that the complete URLs of all apps approved for use by users of this EHR will have been registered with the EHR authorization server.

Alternatively, in a standalone launch, when the app launches from outside an EHR session, the app can request context from the EHR authorization server during the authorization process described below.

Once the app is launched, it requests authorization to access a FHIR resource by redirecting its authorization request to the EHR’s authorization server. Based on pre-defined rules and possibly end-user authorization, the EHR authorization server either grants the request by returning an authorization code to the app’s redirect URL, or denies the request. The app then exchanges the authorization code for an access token, which the app presents to the EHR’s resource server to obtain the FHIR resource. If a refresh token is returned along with the access token, the app may use it to request a new access token, with the same scope, once the access token expires.
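The app side of the EHR launch flow described above, as an added example that is not code from this page or from the SMART project. It assumes the handle arrives in a `launch` query parameter and is sent back as a `launch:<handle>` scope, and it adds a `state` value to bind the callback to the request; the client ID, URLs and resource scope are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

CLIENT_ID = "example-app"  # constructed sample values, not from the page
REDIRECT_URI = "https://app.example.org/callback"
AUTHORIZE_URL = "https://ehr.example.org/authorize"


def launch_handle(launch_url):
    """Return the opaque context handle from an EHR launch URL (assumed parameter: launch)."""
    values = parse_qs(urlsplit(launch_url).query).get("launch", [])
    if len(values) != 1 or not values[0]:
        raise ValueError("expected exactly one launch handle")
    return values[0]


def authorization_request(handle, resource_scope):
    """Build the redirect to the EHR authorization server; returns (url, state)."""
    state = secrets.token_urlsafe(32)  # unguessable, kept in the user's session
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must equal the URL registered with the EHR
        "scope": f"launch:{handle} {resource_scope}",  # assumed encoding of the handle
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def authorization_code(callback_url, expected_state):
    """Validate the callback and return the code, or raise if it must not be used."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive at the registered redirect URL")
    query = parse_qs(parts.query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not bound to our request")
    if "error" in query:
        raise PermissionError(query["error"][0])  # the EHR denied the request
    if len(query.get("code", [])) != 1:
        raise ValueError("missing or duplicated authorization code")
    return query["code"][0]


def token_request_body(code):
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
```

The state check runs before the error check so that a denial is only acted on when it belongs to a request this session actually made.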