** Note that all patient data is synthetic **

In [110]:
import requests
import base64

# Using `smart.argo.run`

In [78]:
SMART_BASE_URL = "https://smart.argo.run/v/r4/sim/eyJrIjoiMSIsImoiOiIxIiwiYiI6IjY4OTg5MmJkLWRjYmUtNDFmYy04NjUxLTM4YTFkMDg5Mzg1NCxmYzIwMGZhMi0xMmM5LTQyNzYtYmE0YS1lMDYwMWQ0MjRlNTUifQ/fhir/"
AUNDREA_GRANT_PATIENT_ID = "689892bd-dcbe-41fc-8651-38a1d0893854"
BRUNO_BERNHARD_PATIENT_ID = "fc200fa2-12c9-4276-ba4a-e0601d424e55"

## Scenario 0

In [79]:
DISCOVERY_PATH = ".well-known/smart-configuration"

In [80]:
smart_config = requests.get(SMART_BASE_URL + DISCOVERY_PATH).json()

Payload includes `permission_v2` and `authorize-post` capabilities ✔️:

In [81]:
smart_config["capabilities"]

['launch-ehr',
 'launch-standalone',
 'client-public',
 'client-confidential-symmetric',
 'context-passthrough-banner',
 'context-passthrough-style',
 'context-ehr-patient',
 'context-ehr-encounter',
 'context-standalone-patient',
 'context-standalone-encounter',
 'permission-offline',
 'permission-patient',
 'permission-user',
 'permission-v2',
 'authorize-post']

`code_challenge_methods_supported` includes `S256` ✔️:

In [82]:
smart_config["code_challenge_methods_supported"]

['S256']

`introscpection_endpoint` included ✔️:

In [83]:
smart_config["introspection_endpoint"]

'https://smart.argo.run/v/r4/sim/eyJrIjoiMSIsImoiOiIxIiwiYiI6IjY4OTg5MmJkLWRjYmUtNDFmYy04NjUxLTM4YTFkMDg5Mzg1NCxmYzIwMGZhMi0xMmM5LTQyNzYtYmE0YS1lMDYwMWQ0MjRlNTUifQ/auth/introspect'

## Scenario 1

Requesting `patient/Observation.rs` scope and being granted that scope ✔️:

*Using `AUNDREA_GRANT_PATIENT_ID` as user id*

In [96]:
authorize_url = smart_config["authorization_endpoint"]
token_url = smart_config["token_endpoint"]

redirect_uri = "http://localhost:8000/index.html"

client_id = "client_id"
client_secret = "client_secret"

aud = "&patient=689892bd-dcbe-41fc-8651-38a1d0893854"

scopes = "patient/Observation.rs"

authorization_redirect_url = "{}?client_id={}&response_type=code&scope={}&redirect_uri={}&aud=&aud_validated=1&patient={}".format(authorize_url, 
                                                                                                  client_id, 
                                                                                                  scopes, 
                                                                                                  redirect_uri,
                                                                                                  PATIENT_ID)
    
print("Navigate to: ", authorization_redirect_url + "\n")

authorization_code = input('authz code: ')

headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/json'}
data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': redirect_uri, 'client_id': client_id}
access_token_response = requests.post(token_url, data=data, headers=headers)

print("\nScopes Granted: " + access_token_response.json()['scope'])

Navigate to:  https://smart.argo.run/v/r4/sim/eyJrIjoiMSIsImoiOiIxIiwiYiI6IjY4OTg5MmJkLWRjYmUtNDFmYy04NjUxLTM4YTFkMDg5Mzg1NCxmYzIwMGZhMi0xMmM5LTQyNzYtYmE0YS1lMDYwMWQ0MjRlNTUifQ/auth/authorize?client_id=client_id&response_type=code&scope=patient/Observation.rs&redirect_uri=http://localhost:8000/index.html&aud=&aud_validated=1&patient=689892bd-dcbe-41fc-8651-38a1d0893854

authz code: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7Im5lZWRfcGF0aWVudF9iYW5uZXIiOnRydWUsInNtYXJ0X3N0eWxlX3VybCI6Imh0dHBzOi8vc21hcnQuYXJnby5ydW4vL3NtYXJ0LXN0eWxlLmpzb24ifSwiY2xpZW50X2lkIjoiY2xpZW50X2lkIiwic2NvcGUiOiJwYXRpZW50L09ic2VydmF0aW9uLnJzIiwiaWF0IjoxNjEwNjU1NTkzLCJleHAiOjE2MTA2NTU4OTN9.6nmbFkDHMfipy6PmsyxECwHRU8cVAICHfm8ITB8ogSs

Scopes Granted: patient/Observation.rs


Can query for all `Observations` of a certain patient (this patient id I used came from `smart.argo.run`) ✔️:

In [109]:
headers = {"Authorization" : "Bearer " + access_token_response.json()['access_token']}
data_request_response = requests.get("{}Observation?patient={}".format(SMART_BASE_URL, AUNDREA_GRANT_PATIENT_ID), headers=headers)

print(data_request_response.text)

{
  "resourceType": "Bundle",
  "id": "8aa23c5e-67a8-430e-9bf8-8a5c0b850d4f",
  "meta": {
    "lastUpdated": "2021-01-14T15:32:07.188-05:00"
  },
  "type": "searchset",
  "total": 203,
  "link": [
    {
      "relation": "self",
      "url": "https://smart.argo.run//v/r4/fhir/Observation?patient=689892bd-dcbe-41fc-8651-38a1d0893854"
    },
    {
      "relation": "next",
      "url": "https://smart.argo.run//v/r4/fhir?_getpages=8aa23c5e-67a8-430e-9bf8-8a5c0b850d4f&_getpagesoffset=50&_count=50&_pretty=true&_bundletype=searchset"
    }
  ],
  "entry": [
    {
      "fullUrl": "https://smart.argo.run//v/r4/fhir/Observation/8fb94fcd-c371-4f93-95de-a60e8dc953df",
      "resource": {
        "resourceType": "Observation",
        "id": "8fb94fcd-c371-4f93-95de-a60e8dc953df",
        "meta": {
          "versionId": "4",
          "lastUpdated": "2020-11-28T02:14:12.947-05:00",
          "tag": [
            {
              "system": "https://smarthealthit.org/tags",
              "code": "sy