Difference between revisions of "SMART Usage"
From Hiasobi - FHIR
Brett Esler (Talk | contribs) |
Brett Esler (Talk | contribs) |
||
| Line 36: | Line 36: | ||
</pre> | </pre> | ||
| − | |||
| − | |||
| + | "sub" is the subject of the claim globally unique user identifier | ||
| + | <id status>\<clinical system id>.<site identifer>\<practitioner id> | ||
| + | |||
| + | '''<id status>''' | ||
[verified|unverified|test] - 'test':samples/test mode; 'verified': by certificate check; 'unverified': asserted site id | [verified|unverified|test] - 'test':samples/test mode; 'verified': by certificate check; 'unverified': asserted site id | ||
| + | |||
| + | '''<clinical system id>''' | ||
[md|bp|zedmed|genie|mt] - system type identifier | [md|bp|zedmed|genie|mt] - system type identifier | ||
| − | + | '''<site identifier>''' | |
a) HPIO as entered and validated against installed eHealth certificate | a) HPIO as entered and validated against installed eHealth certificate | ||
b) Windows domain SID where present | b) Windows domain SID where present | ||
c) Ad-hoc uniquely generated site identifier | c) Ad-hoc uniquely generated site identifier | ||
Revision as of 16:09, 10 November 2016
Parameters - id_token
- user claim details
- id_token contains a JWT (JSON web token)
- See: https://github.com/smart-on-fhir/smart-on-fhir.github.io/blob/master/authorization/smart-on-fhir-jwt-examples.ipynb
- Example token exchange response includes JWT in id_token
{
"access_token":"ZTQyNzVmOTctMGQxYy00NjZmLTgxM2MtNzk4Nzg0OTI0ODIx",
"token_type":"Bearer",
"expires_in":"86361",
"scope":null,
"state":"28564762",
"patient":"36",
"encounter":null,
"location":null,
"resource":null,
"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo4MTAyIiwic3ViIjoidGVzdFxcODAwMzYxMDgzMzM0MDg1MFxcMSIsImF1ZCI6Imh0dHBzOi8vb3JpZGFzaGkuY29tLmF1L3NpdGUvYXBwcy9zbWFydC1pbmRleC5odG1sIiwiZXhwIjoiMTQ2MTIwODIyMCJ9.CJxYaBP5K0gJLVZaVhyIYhc1RSqDLrm8coWlNs0AbXOrDhCRWssd7FsBoNDZNwXg8E+uW6XtpTFKSysdqJe55Tb0GKUqlMu1a+EqiApW46tBe5b67j//JkH/qRrdhM7ywZxebVzwgtuIa7EOJ59fqT4DgA6XadRsUP1nzo7OB+tYKLZnXMXGAVwVnFM527Hu4MjWyBExBkF2kPlX5ggu42tNfS+zPM1w3tZKjvnskpCv67F08SzMK0kkjaFeuCdO8fM1gqJnQPjkN36QXA8rUn3z8HsDZ1LJevUwHfOqEKEOaL1/hjKn9rmbE7w3rJs3/S9jB43W3V4V0dacVufBbQ==",
"refresh_token":null
}
decoded JWT example; this is a signed JWT with Oridashi certificate
{
"iss":"https://localhost.oridashi.com.au:8102",
"sub":"verified\bp.8003628233355286\1",
"aud":"https://oridashi.com.au/site/apps/smart-index.html",
"exp":"1460979592",
"name":"Frederick Smith",
"profile":"https://localhost:8102/Practitioner/1"
}
"sub" is the subject of the claim globally unique user identifier
<id status>\<clinical system id>.<site identifer>\<practitioner id>
<id status>
[verified|unverified|test] - 'test':samples/test mode; 'verified': by certificate check; 'unverified': asserted site id
<clinical system id>
[md|bp|zedmed|genie|mt] - system type identifier
<site identifier>
a) HPIO as entered and validated against installed eHealth certificate b) Windows domain SID where present c) Ad-hoc uniquely generated site identifier
