Difference between revisions of "SMART Usage"
From Hiasobi - FHIR
Brett Esler (Talk | contribs) |
Brett Esler (Talk | contribs) |
||
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | SMART on FHIR requested scope | ||
− | + | == Scope:'''id_token'''== | |
− | + | * user claim details | |
− | + | ||
− | == | + | |
− | + | ||
* id_token contains a JWT (JSON web token) | * id_token contains a JWT (JSON web token) | ||
* See: https://github.com/smart-on-fhir/smart-on-fhir.github.io/blob/master/authorization/smart-on-fhir-jwt-examples.ipynb | * See: https://github.com/smart-on-fhir/smart-on-fhir.github.io/blob/master/authorization/smart-on-fhir-jwt-examples.ipynb | ||
Line 10: | Line 8: | ||
<pre> | <pre> | ||
{ | { | ||
− | "access_token":" | + | "access_token":"ZTQyNzVmOTctMGQxYy00NjZmLTgxM2MtNzk4Nzg0OTI0ODIx", |
"token_type":"Bearer", | "token_type":"Bearer", | ||
− | + | "expires_in":"86361", | |
− | + | "scope":null, | |
− | "state":" | + | "state":"28564762", |
− | "patient":" | + | "patient":"36", |
"encounter":null, | "encounter":null, | ||
− | + | "location":null, | |
"resource":null, | "resource":null, | ||
− | "id_token":" | + | "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyIiwic3ViIjoidGVzdFxcODAwMzYxMDgzMzM0MDg1MFxcMSIsImF1ZCI6Imh0dHBzOi8vb3JpZGFzaGkuY29tLmF1L3NpdGUvYXBwcy9zbWFydC1pbmRleC5odG1sIiwiZXhwIjoiMTQ2MTIwODIyMCJ9.CJxYaBP5K0gJLVZaVhyIYhc1RSqDLrm8coWlNs0AbXOrDhCRWssd7FsBoNDZNwXg8E+uW6XtpTFKSysdqJe55Tb0GKUqlMu1a+EqiApW46tBe5b67j//JkH/qRrdhM7ywZxebVzwgtuIa7EOJ59fqT4DgA6XadRsUP1nzo7OB+tYKLZnXMXGAVwVnFM527Hu4MjWyBExBkF2kPlX5ggu42tNfS+zPM1w3tZKjvnskpCv67F08SzMK0kkjaFeuCdO8fM1gqJnQPjkN36QXA8rUn3z8HsDZ1LJevUwHfOqEKEOaL1/hjKn9rmbE7w3rJs3/S9jB43W3V4V0dacVufBbQ==", |
"refresh_token":null | "refresh_token":null | ||
} | } | ||
</pre> | </pre> | ||
+ | |||
+ | === Example === | ||
+ | decoded JWT example; this is a signed JWT with Oridashi certificate | ||
+ | |||
+ | <pre> | ||
+ | { | ||
+ | "iss":"https://localhost.oridashi.com.au:8102", | ||
+ | "sub":"verified\bp.8003628233355286\1", | ||
+ | "aud":"https://oridashi.com.au/site/apps/smart-index.html", | ||
+ | "exp":"1460979592", | ||
+ | "name":"Frederick Smith", | ||
+ | "profile":"https://localhost:8102/Practitioner/1" | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | |||
+ | === Structure === | ||
+ | "sub" is the subject of the claim globally unique user identifier | ||
+ | <id status>\<clinical system id>.<site identifer>\<practitioner id> | ||
+ | |||
+ | |||
+ | '''<id status>''' | ||
+ | [verified|unverified|test] | ||
+ | a) 'test':samples/test mode; samples use always marked test to avoid production mismatch | ||
+ | b) 'verified': by certificate check; only HPI-O can be verified by certificate | ||
+ | c) 'unverified': asserted site id; only windows domain SID or generated instance identity | ||
+ | |||
+ | |||
+ | '''<clinical system id>''' | ||
+ | [md|bp|zedmed|genie|mt] - system type identifier | ||
+ | |||
+ | '''<site identifier>''' | ||
+ | a) HPIO as entered and validated against installed eHealth certificate e.g. 8003628233355286 | ||
+ | b) Windows domain SID where present e.g. S-1-5-21-7375663-6890924511-1272660413-2944159 | ||
+ | c) Ad-hoc uniquely generated site identifier e.g. 57401CE7C397337ABB1B1D237875CCC6 | ||
+ | |||
+ | '''<practitioner id>''' - internal site resource identifier string for the associated user Practitioner | ||
+ | |||
+ | '''Examples''' | ||
+ | * verified\bp.8003628233355286\1 | ||
+ | * unverified\md.S-1-5-21-7375663-6890924511-1272660413-2944159\3 | ||
+ | * unverified\zedmed.57401CE7C397337ABB1B1D237875CCC6\ADM | ||
+ | * test\bp.8003628233355311\4 |
Latest revision as of 10:33, 28 November 2018
SMART on FHIR requested scope
Scope:id_token
- user claim details
- id_token contains a JWT (JSON web token)
- See: https://github.com/smart-on-fhir/smart-on-fhir.github.io/blob/master/authorization/smart-on-fhir-jwt-examples.ipynb
- Example token exchange response includes JWT in id_token
{ "access_token":"ZTQyNzVmOTctMGQxYy00NjZmLTgxM2MtNzk4Nzg0OTI0ODIx", "token_type":"Bearer", "expires_in":"86361", "scope":null, "state":"28564762", "patient":"36", "encounter":null, "location":null, "resource":null, "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyIiwic3ViIjoidGVzdFxcODAwMzYxMDgzMzM0MDg1MFxcMSIsImF1ZCI6Imh0dHBzOi8vb3JpZGFzaGkuY29tLmF1L3NpdGUvYXBwcy9zbWFydC1pbmRleC5odG1sIiwiZXhwIjoiMTQ2MTIwODIyMCJ9.CJxYaBP5K0gJLVZaVhyIYhc1RSqDLrm8coWlNs0AbXOrDhCRWssd7FsBoNDZNwXg8E+uW6XtpTFKSysdqJe55Tb0GKUqlMu1a+EqiApW46tBe5b67j//JkH/qRrdhM7ywZxebVzwgtuIa7EOJ59fqT4DgA6XadRsUP1nzo7OB+tYKLZnXMXGAVwVnFM527Hu4MjWyBExBkF2kPlX5ggu42tNfS+zPM1w3tZKjvnskpCv67F08SzMK0kkjaFeuCdO8fM1gqJnQPjkN36QXA8rUn3z8HsDZ1LJevUwHfOqEKEOaL1/hjKn9rmbE7w3rJs3/S9jB43W3V4V0dacVufBbQ==", "refresh_token":null }
Example
decoded JWT example; this is a signed JWT with Oridashi certificate
{ "iss":"https://localhost.oridashi.com.au:8102", "sub":"verified\bp.8003628233355286\1", "aud":"https://oridashi.com.au/site/apps/smart-index.html", "exp":"1460979592", "name":"Frederick Smith", "profile":"https://localhost:8102/Practitioner/1" }
Structure
"sub" is the subject of the claim globally unique user identifier
<id status>\<clinical system id>.<site identifer>\<practitioner id>
<id status>
[verified|unverified|test] a) 'test':samples/test mode; samples use always marked test to avoid production mismatch b) 'verified': by certificate check; only HPI-O can be verified by certificate c) 'unverified': asserted site id; only windows domain SID or generated instance identity
<clinical system id>
[md|bp|zedmed|genie|mt] - system type identifier
<site identifier>
a) HPIO as entered and validated against installed eHealth certificate e.g. 8003628233355286 b) Windows domain SID where present e.g. S-1-5-21-7375663-6890924511-1272660413-2944159 c) Ad-hoc uniquely generated site identifier e.g. 57401CE7C397337ABB1B1D237875CCC6
<practitioner id> - internal site resource identifier string for the associated user Practitioner
Examples
- verified\bp.8003628233355286\1
- unverified\md.S-1-5-21-7375663-6890924511-1272660413-2944159\3
- unverified\zedmed.57401CE7C397337ABB1B1D237875CCC6\ADM
- test\bp.8003628233355311\4