SMART on FHIR

SMART Defines Two Patterns For Client Authorization

Authorizes a user-facing client application (“App”) to connect to a FHIR Server. This pattern allows for “launch context”, such as the currently selected patient, to be shared with the app, based on a user’s session inside an EHR or other health data software, or based on a user’s selection at launch time. Authorization allows for delegation of a user’s permissions to the app itself.

Launch App: Standalone Launch

In SMART’s standalone launch flow, a user selects an app from outside the EHR,

Launch App: EHR Launch

In SMART’s EHR launch flow, a user has established an EHR session, and then decides to launch an app. This could be a single-patient app (which runs in the context of a patient record), or a user-level app (like an appointment manager or a population dashboard).

The top-level steps for SMART App Launch are:

  1. Register App with EHR (one-time step, can be out-of-band)
  2. Launch App: Standalone Launch or EHR Launch
  3. Retrieve .well-known/smart-configuration
  4. Obtain authorization code
  5. Obtain access token
  6. Access FHIR API
  7. Refresh access token
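
Steps 3 and 4 from the client's side, as an added example that is not part of the original page or of Aidbox: it validates a discovery document, builds the authorization request with PKCE (S256), `state` and `aud`, and checks `state` on the redirect. The sample configuration, URLs, client id, scopes and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample of a .well-known/smart-configuration response (not a real server).
SAMPLE_CONFIG = json.loads("""{
  "authorization_endpoint": "https://ehr.example.org/auth/authorize",
  "token_endpoint": "https://ehr.example.org/auth/token",
  "code_challenge_methods_supported": ["S256"],
  "capabilities": ["launch-ehr", "launch-standalone"]
}""")

def pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(config, fhir_base, client_id, redirect_uri, launch=None):
    """Step 4: build the authorization request; `launch` is set only for EHR launch."""
    for ep in ("authorization_endpoint", "token_endpoint"):
        if urlparse(config.get(ep, "")).scheme != "https":
            raise ValueError(f"{ep} missing or not https")
    if "S256" not in config.get("code_challenge_methods_supported", []):
        raise ValueError("server does not advertise S256 PKCE")
    needed = "launch-ehr" if launch else "launch-standalone"
    if needed not in config.get("capabilities", []):
        raise ValueError(f"server does not advertise {needed}")
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(32)  # store with the user session, check on redirect
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        # Sample scopes (assumed); request only what the app needs.
        "scope": ("launch" if launch else "launch/patient") + " openid fhirUser patient/*.read",
        "state": state,
        "aud": fhir_base,  # the FHIR server the token is intended for
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    if launch:
        params["launch"] = launch  # opaque handle passed by the EHR at launch
    return config["authorization_endpoint"] + "?" + urlencode(params), state, verifier

def code_from_redirect(redirect_url, expected_state):
    """Accept the authorization code only if `state` matches the value we sent."""
    q = parse_qs(urlparse(redirect_url).query)
    if not hmac.compare_digest(q.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch")
    return q["code"][0]
```

The returned `verifier` is sent as `code_verifier` in the token request of step 5, so keep it server-side or in session storage alongside `state`.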

{% hint style="info" %} See the SMART App Launch tutorial to launch a SMART app locally {% endhint %}

{% hint style="info" %} For the Inferno compliance test, see the Aidbox sample {% endhint %}

Authorizes a headless or automated client application (“Backend Service”) to connect to a FHIR Server. This pattern allows for backend services to connect and interact with an EHR when there is no user directly involved in the launch process.