docs/specification/1.0.md
6 additions & 5 deletions
@@ -109,7 +109,7 @@ Field | Optionality | Type | Description
109
109
`hook` | REQUIRED | *string* | The hook that triggered this CDS Service call<br />(todo: link to hook documentation)
110
110
<nobr>`hookInstance`</nobr> | REQUIRED | *string* | A UUID for this particular hook call (see more information below)
111
111
`fhirServer` | OPTIONAL | *URL* | The base URL EHR's [FHIR](https://www.hl7.org/fhir/) server. If fhirAuthorization is provided, this field is REQUIRED. The scheme should be `https`
112
-
`fhirAuthorization` | OPTIONAL | *object* | A structure holding an OAuth 2.0 bearer access token granting the CDS Service access to FHIR resources, along with supplemental information relating to the token. See the [FHIR Resource Access](#fhir-resource-access) section for more information.
112
+
`fhirAuthorization` | OPTIONAL | *object* | A structure holding an [OAuth 2.0][OAuth 2.0] bearer access token granting the CDS Service access to FHIR resources, along with supplemental information relating to the token. See the [FHIR Resource Access](#fhir-resource-access) section for more information.
113
113
`user` | REQUIRED | *string* | The FHIR resource type + id representing the current user.<br />The type is one of: [Practitioner](https://www.hl7.org/fhir/practitioner.html), [Patient](https://www.hl7.org/fhir/patient.html), or [RelatedPerson](https://www.hl7.org/fhir/relatedperson.html).<br />For example, `Practitioner/123`
114
114
`context` | REQUIRED | *object* | Hook-specific contextual data that the CDS service will need.<br />For example, with the `medication-prescribe` hook this will include [MedicationOrder](https://www.hl7.org/fhir/medicationorder.html) being prescribed. For details, see the [Hooks specification](http://cds-hooks.org/hooks/).
115
115
`prefetch` | OPTIONAL | *object* | The FHIR data that was prefetched by the EHR (see more information below)
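Review bot: In the `fhirAuthorization` row, `[OAuth 2.0][OAuth 2.0]` is a reference-style link, so it only renders if a matching `[OAuth 2.0]: ...` definition exists in the file. No definition is visible in this hunk, and the final hunk (`@@ -590,3 +590,4 @@`) shows one added line without its content. Please confirm that the added line is the definition and which document it targets. Since the label repeats the link text, the collapsed form `[OAuth 2.0][]` would read more cleanly in the table source.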
@@ -291,7 +291,7 @@ The CDS Service is able to use the EHR's FHIR server to obtain any FHIR resource
291
291
292
292
Like SMART on FHIR, CDS Hooks requires that clients present a valid access token to the FHIR server with each API call. Thus, a CDS Service must be able to obtain an access token before communicating with the EHR's FHIR resource server. While CDS Hooks shares the underlying technical framework and standards as SMART on FHIR, the CDS Hooks workflow must accommodate the automated, low-latency delivery of an access token to the CDS service.
293
293
294
-
With CDS Hooks, if the EHR wants to provide the CDS Service direct access to FHIR resources, the EHR creates an access token prior to invoking the CDS Service, passing this token to the CDS Service as part of the service call. This approach remains compatible with OAuth 2.0's bearer token protocol while minimizing the number of HTTPS round-trips and the service invocation latency. The EHR remains in control of creating an access token that is associated with the specific CDS Service, user, and context of the invocation. As the CDS Service executes on behalf of a user, the data to which the CDS Service is given access MUST BE limited to the same restrictions and authorizations afforded the current user. As such, the access token SHALL BE scoped to:
294
+
With CDS Hooks, if the EHR wants to provide the CDS Service direct access to FHIR resources, the EHR creates an access token prior to invoking the CDS Service, passing this token to the CDS Service as part of the service call. This approach remains compatible with [OAuth 2.0's][OAuth 2.0] bearer token protocol while minimizing the number of HTTPS round-trips and the service invocation latency. The EHR remains in control of creating an access token that is associated with the specific CDS Service, user, and context of the invocation. As the CDS Service executes on behalf of a user, the data to which the CDS Service is given access MUST BE limited to the same restrictions and authorizations afforded the current user. As such, the access token SHALL BE scoped to:
295
295
296
296
- The CDS Service being invoked
297
297
- The current user
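Review bot: The link text `[OAuth 2.0's][OAuth 2.0]` pulls the possessive into the anchor; `[OAuth 2.0][OAuth 2.0]'s bearer token protocol` would keep the link text identical to the other occurrences in this change. The sentence is specifically about bearer tokens, which are specified in RFC 6750 rather than in the core OAuth 2.0 framework (RFC 6749), so consider a separate reference for bearer token usage. While this line is being touched, `MUST BE` and `SHALL BE` could become `MUST be` and `SHALL be`, since only MUST and SHALL are RFC 2119 keywords.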
@@ -302,11 +302,11 @@ The access token is specified in the CDS Service request via the OPTIONAL `fhirA
302
302
303
303
Field | Optionality | Type | Description
304
304
----- | ----- | ----- | -----------
305
-
`access_token` | REQUIRED | *string* | This is the OAuth 2 access token that provides access to the FHIR server.
305
+
`access_token` | REQUIRED | *string* | This is the [OAuth 2.0][OAuth 2.0] access token that provides access to the FHIR server.
`expires_in` | REQUIRED | *integer* | The lifetime in seconds of the access token.
308
308
`scope` | REQUIRED | *string* | The scopes the access token grants the CDS Service.
309
-
`subject` | REQUIRED | *string* | The OAuth 2.0 client identifier of the CDS Service, as registered with the EHR's authorization server.
309
+
`subject` | REQUIRED | *string* | The [OAuth 2.0][OAuth 2.0] client identifier of the CDS Service, as registered with the EHR's authorization server.
310
310
311
311
The scopes granted to the CDS Service via the `scope` field are defined by the [SMART on FHIR specification](http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/).
312
312
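Review bot: In the `subject` row, the link wraps the generic term "OAuth 2.0" although the sentence is about the client identifier; if the reference resolves to the framework as a whole, a pointer to the client identifier definition (RFC 6749, Section 2.2) would serve an implementer better. The `access_token` row now reads "OAuth 2.0" instead of "OAuth 2", which matches the other rows. Linking the same term twice within this short table is redundant, and linking only the first occurrence would be enough.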
@@ -406,7 +406,7 @@ Field | Optionality | Type | Description
406
406
<nobr>`label`</nobr>| REQUIRED | *string* | Human-readable label to display for this link (e.g. the EHR might render this as the underlined text of a clickable link).
407
407
`url` | REQUIRED | *URL* | URL to load (via `GET`, in a browser context) when a user clicks on this link. Note that this may be a "deep link" with context embedded in path segments, query parameters, or a hash.
408
408
`type` | REQUIRED | *string* | The type of the given URL. There are two possible values for this field. A type of `absolute` indicates that the URL is absolute and should be treated as-is. A type of `smart` indicates that the URL is a SMART app launch URL and the EHR should ensure the SMART app launch URL is populated with the appropriate SMART launch parameters.
409
-
`appContext` | OPTIONAL | *string* | An optional field that allows the CDS Service to pass context regarding the launch of this SMART app from the CDS card to the SMART app. The `appContext` field should only be valued if the link type is `smart` and is not valid for `absolute` links. The `appContext` field and value will be sent to the SMART app as part of the OAuth 2 access token response, alongside the other launch context when the SMART app is launched.
409
+
`appContext` | OPTIONAL | *string* | An optional field that allows the CDS Service to pass context regarding the launch of this SMART app from the CDS card to the SMART app. The `appContext` field should only be valued if the link type is `smart` and is not valid for `absolute` links. The `appContext` field and value will be sent to the SMART app as part of the [OAuth 2.0][OAuth 2.0] access token response, alongside the other launch context when the SMART app is launched.
410
410
411
411
### Example
412
412
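Review bot: The `appContext` row keeps lowercase conformance wording ("should only be valued", "is not valid for `absolute` links") while the tables use REQUIRED and OPTIONAL, so it is unclear whether an EHR must reject or ignore `appContext` on an `absolute` link. Since this line is being edited anyway, state it as a normative SHOULD or MUST NOT and say what the EHR does when the field is present with the wrong link type. The rename from "OAuth 2" to "OAuth 2.0" on this line is consistent with the `access_token` row.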
@@ -590,3 +590,4 @@ As another example, an extension defined on the discovery response could look li