An example implementation of a SMART on FHIR Context API for use by clients and the authorization service to resolve launch context.

zedwerks/smart-context

smart-context

An example implementation of a SMART on FHIR Context API for use by clients and the authorization service to resolve launch context.

Generating Swagger Docs

npm run swagger-autogen

Running

node server.js

or

npm start

Dockerfile

docker build -t smart-context .

docker run -p 8088:8088 smart-context

Docker Compose

This is the simplest way to get going. Edit the docker-compose.yml file to set the environment variables, then run:

docker compose up -d

Environment Variables

ISSUER is the URL of the OAuth 2.0 token issuer. The GET method is protected by a token from this issuer. The issuer's well-known endpoint is used to find the jwks.json endpoint for token validation.

This issuer must be found as the iss value in the token, or 401 is returned.

SCOPES is the list of scopes needed by the authenticated system. If absent, a 401 will be returned by the GET request.

CLIENT_ID is the OAuth 2.0 clientId that must be found in the JWT. Otherwise, a 401 is returned.

You want one client ID in your auth server to represent the auth server itself. Strange as it sounds, the client retrieving context is the authorization server, which resolves the patient, encounter, etc. in order to set permissions and return the SMART bearer token to the calling SMART application.

API_KEY is the single (for now) API key needed by EMR/EHR clients to be able to POST a context. We can't/don't want to require user authN since the user has not completed authentication to the SMART authorization server until the launch flow completes.

For now this concept only supports a single API key. You can generate something reasonable like so:

openssl rand -hex 32
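
The GET-side checks described above under ISSUER, SCOPES and CLIENT_ID, as an added example (not this repository's code). It takes the JWKS as an argument instead of fetching it from the issuer's well-known endpoint, and assumes RS256 tokens, a space-separated scope claim, and the client id in azp or client_id; the issuer URL, scope name and key id are constructed.

```javascript
// Added example, not code from this repository. Assumptions: RS256 tokens,
// a space-separated "scope" claim, and the client id in "azp" or "client_id".
const { createPublicKey, createSign, createVerify, generateKeyPairSync } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Returns { status: 200, claims } or { status: 401, reason }.
function authorizeGet(token, jwks, cfg, now = Math.floor(Date.now() / 1000)) {
  const deny = (reason) => ({ status: 401, reason });
  const parts = String(token).split('.');
  if (parts.length !== 3) return deny('malformed token');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return deny('malformed token'); }
  if (!header || !claims) return deny('malformed token');
  // Pin the algorithm so the token header cannot select "none" or an HMAC.
  if (header.alg !== 'RS256') return deny('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return deny('unknown kid');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  const sig = Buffer.from(parts[2], 'base64url');
  if (!createVerify('RSA-SHA256').update(`${parts[0]}.${parts[1]}`).verify(key, sig)) {
    return deny('bad signature');
  }
  // Expiry is a standard JWT check; the README does not mention it.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return deny('expired');
  if (claims.iss !== cfg.issuer) return deny('wrong issuer');                 // ISSUER
  if (!cfg.clientId || ![claims.azp, claims.client_id].includes(cfg.clientId)) {
    return deny('wrong client');                                              // CLIENT_ID
  }
  const granted = new Set(String(claims.scope || '').split(' '));
  if (!cfg.scopes.every((s) => granted.has(s))) return deny('missing scope'); // SCOPES
  return { status: 200, claims };
}

// Constructed sample data: a throwaway key pair stands in for the issuer's jwks.json.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleJwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }] };
const sampleCfg = { issuer: 'https://auth.example.test', clientId: 'auth-server', scopes: ['context:read'] };

// Signs a constructed token with the throwaway key (test helper only).
function signSample(claims, header = { alg: 'RS256', typ: 'JWT', kid: 'demo-key' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${sig.toString('base64url')}`;
}
```

Every rejection maps to a 401, matching the behaviour the README states for a wrong issuer, missing scopes or a wrong client id.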

Notes

At this time the POST request only requires knowledge of a single API key. This is set by an environment variable.

Example API Usage

POST to set context

curl --location 'http://localhost:8088/api/context' \
--header 'Content-Type: application/json' \
--header 'x-api-key: e7ce47e88053fa31998de414423e82c47fd479688be5ad8dd9ecc0ac61108a8b' \
--data '{
    "resourceType" : "Parameters",
    "parameter": [
        {
            "name": "patient",
            "resource": {
                "resourceType": "Patient",
                "use": "usual",
                "system":"urn:oid:2.16.840.1.113883.4.50",
                "type": "JHN",
                "value": "9094626885"
            }
        }
    ]
}'

GET Request to resolve context payload

This is called by the Authorization server, by taking the launch parameter and using it in the GET request.

curl --location 'http://localhost:8088/api/context/3335a882-bf12-48bb-ad78-212a46ae9297' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIiAiSldUIiwia2lkIiA6ICJLVFwQWRxb19FIn0...'
