OAuth 2.0 Tutorial
Covered by this topic
OAuth 2.0 Overview
OAuth 2.0 is the industry standard for granting external applications access to protected resources. See References for more about OAuth.
App Registration
Applications are registered in the Login Trusts editor within the EHR. Contact your implementation specialist for assistance, as adding Login Trusts to a system requires special permissions.
If you have access to the Login Trust screens in your system, use the information below for third-party endpoints:
Creating a third-party endpoint for FHIR in WebChart
[Screenshot: Create/Edit Login Trust in WebChart]
Note: The “allowed options” list does not include a checkbox for FHIR; SQL is required to enable FHIR.
Data Points
- A set of production credentials (ID and secret) that your clients use to access your production environment (locations 1 and 3 in the screenshot).
- Location 2 in the screenshot is the redirect URL to the third-party app after validation.
- Make sure Key Format is PEM and Digest is SHA1 (location 4 in the screenshot).
Patient Standalone Launch
Registered applications can use the OAuth 2.0 authorization code flow to access the EHR.
When an application conforms to the SMART launch workflow, users are directed to the EHR’s Scope confirmation page.
On this page, individual accesses may be customized or denied altogether.
If allowed, the application is then permitted to access the user’s data via the FHIR API.
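The authorization code exchange described above, written out as an added Go example on the client side (this is not Enterprise Health or WebChart code). The endpoint URLs and client ID are placeholders, and the aud parameter (the FHIR base URL) comes from the SMART App Launch convention rather than from this page. Because PKCE is not available, the random state value that the client stores in the user's session and checks on the callback is its defense against forged or replayed redirects, so every failure path below refuses to hand back a code.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// Placeholder endpoints (assumed); the real values come from the EHR's SMART configuration.
const (
	authorizeEndpoint = "https://ehr.example.test/oauth/authorize"
	redirectURI       = "https://app.example.test/callback" // must match the redirect URL in the Login Trust
)

// NewState returns 256 bits of randomness; it is stored in the user's session and
// compared on the callback so a redirect this session did not start is rejected.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// BuildAuthorizeURL is the first leg: the browser is sent here and the EHR shows
// its Scope confirmation page. aud is the FHIR base URL (SMART convention, assumed).
func BuildAuthorizeURL(clientID, scope, aud, state string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", scope)
	q.Set("state", state)
	q.Set("aud", aud)
	return authorizeEndpoint + "?" + q.Encode()
}

// ParseCallback validates the redirect back from the EHR and extracts the code.
// Every failure returns an error and no code, so the caller never reaches the
// token endpoint with a tampered or unsolicited callback.
func ParseCallback(rawURL, expectedState string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if e := q.Get("error"); e != "" { // user denied access on the Scope page, or an EHR-side error
		return "", fmt.Errorf("authorization failed: %s %s", e, q.Get("error_description"))
	}
	if expectedState == "" || q.Get("state") != expectedState {
		return "", errors.New("state mismatch: callback was not started by this session")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carries no authorization code")
	}
	return code, nil
}

// TokenRequestForm builds the body POSTed to the token endpoint. The client secret
// belongs in an HTTP Basic Authorization header (client_secret_basic), never in the URL.
func TokenRequestForm(code string) url.Values {
	form := url.Values{}
	form.Set("grant_type", "authorization_code")
	form.Set("code", code)
	form.Set("redirect_uri", redirectURI)
	return form
}

func main() {
	state, err := NewState()
	if err != nil {
		panic(err)
	}
	fmt.Println(BuildAuthorizeURL("CLIENT_ID_PLACEHOLDER", "launch/patient patient/*.read", "https://ehr.example.test/fhir", state))
	// A constructed callback, shaped like the redirect the EHR sends after the user approves:
	code, err := ParseCallback(redirectURI+"?code=constructed-code&state="+url.QueryEscape(state), state)
	fmt.Println(code, err, TokenRequestForm(code).Encode())
}
```

The redirect_uri sent to the token endpoint must be byte-for-byte the one used in the authorize request and registered in the Login Trust; the EHR compares them, which is what stops a code from being redeemed from a different callback location.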
EHR Launch
The Quickview contains a FHIR Launch portlet from which configured applications can be launched.
Navigate to the Quickview sidemenu tab
Open the Select Portlets manager
Select the FHIR Launch portlet
Using the links to the configured applications in the FHIR Launch portlet gives the EHR practitioner access to those applications.
Revocation of Access
Users may revoke access for any application previously granted access via the Token Administration tool.
SMART Backend Services
Applications may use the FHIR Bulk access workflow in order to consume EHR resources.
The EHR supports authentication of JWT access tokens via an out-of-band supplied JWKS URL.
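The backend-services exchange as an added Go example (not Enterprise Health or WebChart code): the application publishes a JWKS containing only its public key, signs a short-lived JWT assertion with the matching private key, and the EHR-side check selects the key by kid from the JWKS it was given out of band, verifies the signature, then checks the claims. The claim rules (iss and sub equal to the client ID, aud equal to the token endpoint, exp at most five minutes out, a unique jti) follow the SMART Backend Services profile and are assumptions here, as are the key ID, client ID and URLs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWKS is the RFC 7517 key-set document the app hosts at the JWKS URL it gives the EHR.
type JWKS struct {
	Keys []map[string]string `json:"keys"`
}

func b64(b []byte) string            { return base64.RawURLEncoding.EncodeToString(b) }
func unb64(s string) ([]byte, error) { return base64.RawURLEncoding.DecodeString(s) }

// PublishJWKS exports only the public half of the key; the private key never leaves the app.
func PublishJWKS(pub *rsa.PublicKey, kid string) JWKS {
	e := b64(big.NewInt(int64(pub.E)).Bytes())
	return JWKS{Keys: []map[string]string{{"kty": "RSA", "kid": kid, "alg": "RS384", "n": b64(pub.N.Bytes()), "e": e}}}
}

// SignAssertion builds the app's client assertion (iss = sub = client_id, aud = token
// endpoint, short exp, unique jti) and signs it with RS384.
func SignAssertion(priv *rsa.PrivateKey, kid, clientID, tokenURL string, now time.Time) (string, error) {
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	header, _ := json.Marshal(map[string]string{"alg": "RS384", "typ": "JWT", "kid": kid})
	claims, _ := json.Marshal(map[string]any{"iss": clientID, "sub": clientID, "aud": tokenURL,
		"exp": now.Add(4 * time.Minute).Unix(), "jti": b64(jti)})
	input := b64(header) + "." + b64(claims)
	digest := sha512.Sum384([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA384, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

// VerifyAssertion is the EHR side: pin the algorithm, pick the key by kid from the fetched
// JWKS, verify the signature, then the claims; seenJTI blocks replay of a captured assertion.
func VerifyAssertion(token string, jwks JWKS, clientID, tokenURL string, now time.Time, seenJTI map[string]bool) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("malformed JWT")
	}
	var hdr struct{ Alg, Kid string }
	if raw, err := unb64(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return errors.New("unreadable header")
	}
	if hdr.Alg != "RS384" { // never honour "none", HS*, or whatever else the token names for itself
		return fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	var key map[string]string
	for _, k := range jwks.Keys {
		if k["kid"] == hdr.Kid && k["kty"] == "RSA" {
			key = k
		}
	}
	if key == nil {
		return errors.New("kid not present in the registered JWKS")
	}
	nb, errN := unb64(key["n"])
	eb, errE := unb64(key["e"])
	sig, errS := unb64(parts[2])
	if errN != nil || errE != nil || errS != nil {
		return errors.New("bad base64url field")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
	digest := sha512.Sum384([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA384, digest[:], sig) != nil {
		return errors.New("signature does not verify against the JWKS key")
	}
	var c struct{ Iss, Sub, Aud, Jti string; Exp int64 }
	if raw, err := unb64(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return errors.New("unreadable claims")
	}
	exp := time.Unix(c.Exp, 0)
	switch {
	case c.Iss != clientID || c.Sub != clientID || c.Aud != tokenURL:
		return errors.New("iss, sub or aud do not match this client and token endpoint")
	case !exp.After(now) || exp.After(now.Add(5*time.Minute)):
		return errors.New("exp missing, expired, or more than 5 minutes out")
	case c.Jti == "" || seenJTI[c.Jti]:
		return errors.New("jti missing or already used")
	}
	seenJTI[c.Jti] = true
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	doc, _ := json.Marshal(PublishJWKS(&priv.PublicKey, "key-2024-07"))
	fmt.Println(string(doc)) // the document the EHR fetches from the JWKS URL
}
```

Because the EHR only ever learns the public key, rotating the app's signing key is a matter of publishing the new key under a new kid alongside the old one for a grace period; the JWKS URL itself should be served over HTTPS and be the one supplied to the EHR at registration, since anyone who can change that document can mint accepted assertions.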
Additional Information
- PKCE is not currently supported.
References
https://en.wikipedia.org/wiki/OpenID#OpenID_Connect_(OIDC)
Enterprise Health Documentation
Last Build: Fri, 26 Jul 2024 20:10:50 UTC
WikiGDrive Version: dd69069d725fca5f553df7ded62e130a49d49ca6