Difference between revisions of "SMART Usage"

From Hiasobi - FHIR
Jump to: navigation, search
(Parameters - id_token)
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
SMART on FHIR requested scope
  
 
+
== Scope:'''id_token'''==
 
+
* user claim details
 
+
==Parameters - '''id_token'''==
+
 
+
 
* id_token contains a JWT (JSON web token)
 
* id_token contains a JWT (JSON web token)
 
* See:  https://github.com/smart-on-fhir/smart-on-fhir.github.io/blob/master/authorization/smart-on-fhir-jwt-examples.ipynb
 
* See:  https://github.com/smart-on-fhir/smart-on-fhir.github.io/blob/master/authorization/smart-on-fhir-jwt-examples.ipynb
* Example token exchange response includes JWT
+
* Example token exchange response includes JWT in id_token
<pre>
+
<pre>  
 
{
 
{
"access_token":"NDU5YmNkYmMtYjg3NC00OWI0LThiMjctYTBiMjhlMzQzYTM2",
+
  "access_token":"ZTQyNzVmOTctMGQxYy00NjZmLTgxM2MtNzk4Nzg0OTI0ODIx",
 
   "token_type":"Bearer",
 
   "token_type":"Bearer",
  "expires_in":"86399",
+
"expires_in":"86361",
  "scope":null,
+
"scope":null,
   "state":"24738283",
+
   "state":"28564762",
   "patient":"2",
+
   "patient":"36",
 
   "encounter":null,
 
   "encounter":null,
  "location":null,
+
"location":null,
 
   "resource":null,
 
   "resource":null,
   "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyIiwic3ViIjoidmVyaWZpZWRcXDgwMDM2MjgyMzMzNTUyODZcXDEiLCJhdWQiOiJodHRwczovL29yaWRhc2hpLmNvbS5hdS9zaXRlL2FwcHMvc21hcnQtaW5kZXguaHRtbCIsImV4cCI6IjE0NjA5Nzk1OTIiLCJuYW1lIjoiMSIsInByb2ZpbGUiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyL1ByYWN0aXRpb25lci8xIn0.2Qw3vVfPXUotNu69e28OZ7FNc0rjHnBtHC5A4ZvM6fw",
+
   "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyIiwic3ViIjoidGVzdFxcODAwMzYxMDgzMzM0MDg1MFxcMSIsImF1ZCI6Imh0dHBzOi8vb3JpZGFzaGkuY29tLmF1L3NpdGUvYXBwcy9zbWFydC1pbmRleC5odG1sIiwiZXhwIjoiMTQ2MTIwODIyMCJ9.CJxYaBP5K0gJLVZaVhyIYhc1RSqDLrm8coWlNs0AbXOrDhCRWssd7FsBoNDZNwXg8E+uW6XtpTFKSysdqJe55Tb0GKUqlMu1a+EqiApW46tBe5b67j//JkH/qRrdhM7ywZxebVzwgtuIa7EOJ59fqT4DgA6XadRsUP1nzo7OB+tYKLZnXMXGAVwVnFM527Hu4MjWyBExBkF2kPlX5ggu42tNfS+zPM1w3tZKjvnskpCv67F08SzMK0kkjaFeuCdO8fM1gqJnQPjkN36QXA8rUn3z8HsDZ1LJevUwHfOqEKEOaL1/hjKn9rmbE7w3rJs3/S9jB43W3V4V0dacVufBbQ==",
 
   "refresh_token":null
 
   "refresh_token":null
 
}
 
}
 
</pre>
 
</pre>
 +
 +
=== Example ===
 +
decoded JWT example; this is a signed JWT with Oridashi certificate
 +
 +
<pre>
 +
{
 +
  "iss":"https://localhost.oridashi.com.au:8102",
 +
  "sub":"verified\bp.8003628233355286\1",
 +
  "aud":"https://oridashi.com.au/site/apps/smart-index.html",
 +
  "exp":"1460979592",
 +
  "name":"Frederick Smith",
 +
  "profile":"https://localhost:8102/Practitioner/1"
 +
}
 +
</pre>
 +
 +
 +
=== Structure ===
 +
"sub" is the subject of the claim globally unique user identifier
 +
<id status>\<clinical system id>.<site identifer>\<practitioner id>
 +
 +
 +
'''<id status>'''
 +
[verified|unverified|test]
 +
a) 'test':samples/test mode; samples use always marked test to avoid production mismatch
 +
b) 'verified': by certificate check; only HPI-O can be verified by certificate
 +
c) 'unverified': asserted site id; only windows domain SID or generated instance identity
 +
 +
 +
'''<clinical system id>'''
 +
[md|bp|zedmed|genie|mt] - system type identifier
 +
 +
'''<site identifier>'''
 +
a) HPIO as entered and validated against installed eHealth certificate e.g. 8003628233355286
 +
b) Windows domain SID where present e.g. S-1-5-21-7375663-6890924511-1272660413-2944159
 +
c) Ad-hoc uniquely generated site identifier e.g. 57401CE7C397337ABB1B1D237875CCC6
 +
 +
'''<practitioner id>''' - internal site resource identifier string for the associated user Practitioner
 +
 +
'''Examples'''
 +
* verified\bp.8003628233355286\1
 +
* unverified\md.S-1-5-21-7375663-6890924511-1272660413-2944159\3
 +
* unverified\zedmed.57401CE7C397337ABB1B1D237875CCC6\ADM
 +
* test\bp.8003628233355311\4

Latest revision as of 10:33, 28 November 2018

SMART on FHIR requested scope

Scope:id_token

 
{
  "access_token":"ZTQyNzVmOTctMGQxYy00NjZmLTgxM2MtNzk4Nzg0OTI0ODIx",
  "token_type":"Bearer",
 "expires_in":"86361",
 "scope":null,
  "state":"28564762",
  "patient":"36",
  "encounter":null,
 "location":null,
  "resource":null,
  "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyIiwic3ViIjoidGVzdFxcODAwMzYxMDgzMzM0MDg1MFxcMSIsImF1ZCI6Imh0dHBzOi8vb3JpZGFzaGkuY29tLmF1L3NpdGUvYXBwcy9zbWFydC1pbmRleC5odG1sIiwiZXhwIjoiMTQ2MTIwODIyMCJ9.CJxYaBP5K0gJLVZaVhyIYhc1RSqDLrm8coWlNs0AbXOrDhCRWssd7FsBoNDZNwXg8E+uW6XtpTFKSysdqJe55Tb0GKUqlMu1a+EqiApW46tBe5b67j//JkH/qRrdhM7ywZxebVzwgtuIa7EOJ59fqT4DgA6XadRsUP1nzo7OB+tYKLZnXMXGAVwVnFM527Hu4MjWyBExBkF2kPlX5ggu42tNfS+zPM1w3tZKjvnskpCv67F08SzMK0kkjaFeuCdO8fM1gqJnQPjkN36QXA8rUn3z8HsDZ1LJevUwHfOqEKEOaL1/hjKn9rmbE7w3rJs3/S9jB43W3V4V0dacVufBbQ==",
  "refresh_token":null
}

Example

decoded JWT example; this is a signed JWT with Oridashi certificate

{
  "iss":"https://localhost.oridashi.com.au:8102",
  "sub":"verified\bp.8003628233355286\1",
  "aud":"https://oridashi.com.au/site/apps/smart-index.html",
  "exp":"1460979592",
  "name":"Frederick Smith",
  "profile":"https://localhost:8102/Practitioner/1"
}


Structure

"sub" is the subject of the claim globally unique user identifier

<id status>\<clinical system id>.<site identifer>\<practitioner id> 


<id status>

[verified|unverified|test] 
a) 'test':samples/test mode; samples use always marked test to avoid production mismatch
b) 'verified': by certificate check; only HPI-O can be verified by certificate
c) 'unverified': asserted site id; only windows domain SID or generated instance identity


<clinical system id>

[md|bp|zedmed|genie|mt] - system type identifier 

<site identifier>

a) HPIO as entered and validated against installed eHealth certificate e.g. 8003628233355286
b) Windows domain SID where present e.g. S-1-5-21-7375663-6890924511-1272660413-2944159
c) Ad-hoc uniquely generated site identifier e.g. 57401CE7C397337ABB1B1D237875CCC6

<practitioner id> - internal site resource identifier string for the associated user Practitioner

Examples

  • verified\bp.8003628233355286\1
  • unverified\md.S-1-5-21-7375663-6890924511-1272660413-2944159\3
  • unverified\zedmed.57401CE7C397337ABB1B1D237875CCC6\ADM
  • test\bp.8003628233355311\4