igia

igia

  • Documentation
  • Stay Informed
  • Community

›SMART on FHIR

igia

  • Platform Overview
  • Getting Started
  • Architecture
  • How To Create An App
  • FAQ
  • Contributing
  • Licensing
  • Healthcare Disclaimer
  • HIPAA Support
  • Component List
  • Releases

    • Release-0.3.1
    • Release-0.3.2
    • Release-0.3.3
  • Known Issues
  • Acknowledgements

Sample App

  • Sample App API
  • Sample App UI

Microservice Platform

  • Microservice Gateway
  • Key Cloak (OAuth)

    • README
    • Usage
    • Introduction
  • Orchestrator

SMART on FHIR

  • Overview
  • FHIR API Example
  • FHIR API HAPI Config

    • README
    • Usage
    • Introduction

    SMART Launch App

    • README
    • Usage

Care Management

  • Overview
  • Care Management
  • Camunda Workflow Engine

Data Integration

  • Overview
  • Data Integration App
  • Data Integration Config
  • Data Integration Worker

Tools

  • igia Common Libs
  • Docs Website
  • Data Masking

I2b2 & CDI

  • Overview
  • CDI Usage

igia-platform / igia-smart-launch-app

Simple standalone patient context selector that allows searching for a patient by identifier (MRN), name, date of birth or gender. This is a React frontend with a JHipster microservice backend. The Keycloak SMART authenticator is configured to redirect to this application for patient selection during the authorization process when 'launch/patient' scope is provided. Communication between Keycloak and the selector is modeled on the mechanism used by Keycloak to communicate with external identity providers, such as Google or Facebook.

The SMART authenticator provides the following query parameters to the launch application on redirect:

  1. "aud": Encoded FHIR base URL to search for patients.
  2. "access_token": Valid OAuth access token provided by Keycloak to use for patient search against FHIR server. This is required for the Authorization header to the backend Java microservice calls for use in the FHIR client.
  3. "token": Keycloak generated callback URL to redirect back to Keycloak after a patient is selected. The encoded URL should include a placeholder parameter with the value "{APP_TOKEN}" for the selector to insert a signed launch context JWT to return to Keycloak.
http://localhost:9000/#/patient?token=http%3A%2F%2Flocalhost%3A8080%2Fauth%2Frealms%2Figia%2Fprotocol%2Fsmart-openid-connect%2Fsmart-launch-context%3Fsession_code%3DqgqOShVCjZ0fnUgjP8abPQ9XbrDhNeY933XRfieoBFs%26client_id%3Dsmart-client-app%26tab_id%3D68Hqz1II7mw%26auth_session_id%3Dd0394dcb-4825-40ab-9807-8dc5c22c2ed8%26execution%3D09e7bbea-be91-4a09-bd17-c23f6e43cf60%26app-token%3D%257BAPP_TOKEN%257D&aud=http%3A%2F%2Flocalhost%3A8081%2Fapi&access_token=eyJhbGciO...

Any launch context parameters gathered by the app, in this case "patient", will be added as a claim to a JWT token that is signed and sent back to Keycloak in the callback URL {APP_TOKEN} parameter. The JWT token signature will be verified by Keycloak to ensure the callback endpoint is being called by a valid launch app. The launch app backend service should be configured with properties as below, with secret-key and algorithm used to sign the launch context JWT token to send back to Keycloak. The same key should be used in the SMART authenticator configuration property 'External SMART Launch Secret Key' within Keycloak. Currently only HS256 decryption is supported in the authenticator. The launch app backend service should also be configured with a list of trusted host/ports allowed in the callback URL. If the provided callback URL does not have a match in this list, the service will return a bad request rather than redirecting to the untrusted URL.

igia:
  smart-launch:
    secret-key: aSqzP4reFgWR4j94BDT1r+81QYp/NYbY9SBwXtqV1ko=
    alg: HS256
    trusted-redirects:
      - 
        host: localhost
        port: 9080
      - 
        host: keycloak
        port: 9080 

This will redirect to Keycloak using the token URL provided in the initial parameters.

http://localhost:8080/auth/realms/igia/protocol/smart-openid-connect/smart-launch-context?session_code=qgqOShVCjZ0fnUgjP8abPQ9XbrDhNeY933XRfieoBFs&client_id=smart-client-app&tab_id=68Hqz1II7mw&auth_session_id=d0394dcb-4825-40ab-9807-8dc5c22c2ed8&execution=09e7bbea-be91-4a09-bd17-c23f6e43cf60&app-token=eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjAsIm5iZiI6MCwiaWF0IjowLCJwYXRpZW50IjoiMTIzNDUifQ.edaeLvGPoSfvy51Z-UhHvcdXMjro4Omn6Nl02r8Zyls

Java microservice

Launch app backend service calls

GET /api/patient

Request

|Parameter|cardinality|description| |--- |--- |--- |--- |--- | |aud|1..1|FHIR server base URL.| |mrn|0..1|Patient MRN, to be used to search FHIR Patient resource identifier list.| |first|0..1|Patient given name. Will be used to search FHIR patient resources using case-insensitive left match.| |last|0..1|Patient family name. Will be used to search FHIR patient resources using case-insensitive left match.| |birthdate|0..1|Patient date of birth, in ISO 8601 format yyyy-MM-dd.| |gender|0..1|Patient gender (male, female, other, unknown).|

Response

Content-type: json array

|Field|cardinality|description| |--- |--- |--- |--- |--- | |id|1..1|FHIR Patient resource id.| |mrn|0..1|Value of first item from FHIR Patient resource identifier list.| |first|0..1|Given name from first item in FHIR Patient resource name list. If multiple given names will return concatenated list.| |last|0..1|Family name from first item in FHIR Patient resource name list.| |birthdate|0..1|Patient date of birth in ISO-8601 format, for example "2000-10-10T00:00:00Z".| |gender|0..1|Patient gender (male, female, other, unknown).|

GET /api/patient/{id}

Request

|Parameter|cardinality|description| |--- |--- |--- |--- |--- | |id|1..1|FHIR Patient resource id| |token|1..1|Callback URL provided by Keycloak. Must include a parameter with value "{APP_TOKEN}". This parameter value will be replaced with a signed, encoded JWT token that includes the context variables provided by the selector as JWT claims.|

Response

Body: Callback URL to redirect back to Keycloak, with signed app token.

See Sample igia-smart-launch-app callback above for format of response body.

Last updated on 7/29/2019
← READMEOverview →
  • Java microservice
    • GET /api/patient
    • GET /api/patient/{id}
igia    igia
Enabling the development, deployment, and sharing of healthcare technology.

Logo Design By GillFishmanDesign.com Cambridge, Massachusetts

Copyright © 2020
"igia" is a trademark of the igia.io project.
Documentation
Getting StartedLicenseDisclaimerFAQ
Community
Discussion ForumPlatform Users
Contact us at
More
GitHubStar