FHIR: What next after receiving client id and secret?

juggernautsei · June 16, 2024, 12:02am

@adunsulag
In our quest to build a patient-facing app, we followed the documentation below.
Here is where we are now getting through the documentation. We have the response back from the endpoint like what is shared on the page. We have the client ID and secret.

github.com

openemr/openemr/blob/60dc0eed33ef2ef21dd4ee8aab3be57c112f4048/API_README.md?plain=1#L214

      
        
                 ["https://client.example.org/callback"],
               "post_logout_redirect_uris":
                 ["https://client.example.org/logout/callback"],
               "client_name": "A Private App",
               "token_endpoint_auth_method": "client_secret_post",
               "contacts": ["me@example.org", "them@example.org"],
               "scope": "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/transaction.read user/transaction.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read"
              }'
            ```
            
            
Response:
            ```sh
            {
                "client_id": "LnjqojEEjFYe5j2Jp9m9UnmuxOnMg4VodEJj3yE8_OA",
                "client_secret": "j21ecvLmFi9HPc_Hv0t7Ptmf1pVcZQLtHjIdU7U9tkS9WAjFJwVMav0G8ogTJ62q4BATovC7BQ19Qagc4x9BBg",
                "registration_access_token": "uiDSXx2GNSvYy5n8eW50aGrJz0HjaGpUdrGf07Agv_Q",
                "registration_client_uri": "https:\/\/localhost:9300\/oauth2\/default\/client\/6eUVG0-qK2dYiwfYdECKIw",
                "client_id_issued_at": 1604767861,
                "client_secret_expires_at": 0,
                "contacts": ["me@example.org", "them@example.org"],
                "application_type": "private",

The next section is labeled SMART on FHIR Registration. So, a web page is given. But what is the endpoint to register the client ID? What we are trying to achieve is the auto-enabling of the registered app.

We assumed that each patient who downloads the app will need to register that app with the instance of OpenEMR. Is that a correct assumption? The patient will not be logging into OpenEMR directly.

We will be making FHIR calls to get data from the system.
Thank you in advance.

adunsulag · June 18, 2024, 7:13pm

I’m confused by your question. The endpoint to register at is the registration endpoint mentioned in the registration section: https://localhost:9300/oauth2/default/registration

The SMART on FHIR Registration page is just a frontend GUI to make it easier for people to register a SMART on FHIR app because the scopes are pre-selected, it calls the exact same API endpoint for client registration.

Also, look at the documentation for 3rd party apps for what apps are auto-enabled by default: openemr/FHIR_README.md at master · openemr/openemr · GitHub

Also, I mispoke on the saturday call, you can leave the ‘launch’ parameter out since you are not launching inside the EHR context. Launch gives you the EHR context and since you won’t be doing anything needing EHR session context you can leave it out.