1.5.1 EHR launch sequence
In SMART's EHR launch flow (shown above),
a user has established an EHR session, and then decides to launch an app. This
could be a single-patient app (which runs in the context of a patient record), or
a user-level app (like an appointment manager or a population dashboard). The EHR
initiates a "launch sequence" by opening a new browser instance (or iframe)
pointing to the app's registered launch URL and passing some context.
The following parameters are included:
| Parameters | ||
|---|---|---|
iss |
required | Identifies the EHR's FHIR endpoint, which the app can use to obtain additional details about the EHR, including its authorization URL. |
launch |
required |
Opaque identifier for this specific launch, and any EHR context associated
with it. This parameter must be communicated back to the EHR at authorization
time by passing along a launch=123 parameter (see below).
|
For example
A launch might cause the browser to redirect to:
Location: https://app/launch?iss=https%3A%2F%2Fehr%2Ffhir&launch=xyz123
On receiving the launch notification, the app would query the issuer's
/metadata endpoint:
GET https://ehr/fhir/metadata
Accept: application/json
The metadata response contains (among other details) the EHR's
conformance statement identifying the OAuth authorize and token
endpoint URLs for use in requesting authorization to access FHIR
resources.
Later, when the app prepares a list of access scopes to request from the EHR authorization server, it will bind to the existing EHR context by including the launch notification in the scope.