On this page:

4.4SMART on FHIR Apps


Smile CDR can be used as a host for deploying SMART on FHIR Apps.

On this page, we will be using Smile CDR to launch a SMART on FHIR App (or SMART App). To accomplish this, we will be using Smile CDR to perform in three primary roles:

  • As a SMART App Host: The demonstration app we are using is a static web app that obtains data using AJAX requests. Smile CDR will simply act as a basic web server, serving static content in this role.
  • As a SMART IdP (OAuth2/OpenID Connect server): In this role, users attempting to sign into a SMART App will be presented with an app login screen provided by Smile CDR. This login screen will ask for credentials then verify that the user wishes to authorize the app to access data on their behalf, and that the user has appropriate permission to actually access the FHIR data that the app claims to need.
  • As a FHIR Endpoint: In this role, Smile CDR will respond to requests for FHIR data from the app. When the user signs in through the OAuth2 server, they receive a bearer token. This token is checked with each request to ensure that the user has appropriate permissions for the data they are trying to access. In addition, all access to data is logged in the audit log.

SMART on FHIR Architecture

– The rest of this page is only relevant for users with access to Smile CDR's Web Admin Console. Feel free to keep reading or skip ahead to [Processing HL7 v2.x Feeds](./processing_hl7_v2x_feeds.html)!

4.4.1Accessing the Web Admin Console


First we need to sign into the Web Admin Console. This console can be used by administrators to configure almost all aspects of the system. Access the console using the appropriate URL:

– In a fresh self-hosted instance the username will be `admin`, and the password will be `password`. You should change these credentials before using Smile CDR in production with real data.http://localhost:9100
– For a cloud-hosted demo instance, use the credentials that you were provided. If you have any questions about accessing the Web Admin Console, please let us know!https://example.smilecdr.com:9100/

To log into the console, enter your admin credentials.

4.4.2Creating a Client Definition


To support launching and authorizing a SMART App, we will need to create a client definition.

In the Web Admin Console, click on Config -> OpenID Connect Client. You should now see a window like the following:

OpenID Connect Clients

If you do not see the growth_chart client in the list, you will need to create it.

Creating a Client Definition in Web Admin Console

Note: Alternatively, you may choose to create a client definition with Smile CDR's JSON Admin API.

Create a new client definition by clicking on Create Client. Set the following details:

Client ID
Client Name
Client Secret (none)
Authorized Grant Types Implicit
Authorization Code
Access Token Validity
Refresh Token Validity
– Authorized Redirect URLs
– Authorized Redirect URLs
SMART Scopes: Scopes
SMART Scopes: Auto-Approve Scopes (none)

Creating a Client Definition with JSON Admin API

Instead of manually creating the client definition, you can also use the JSON Admin API to create a client definition with the following cURL command:

```bash curl -X PUT \ --header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --data '{ "clientId": "growth_chart", "clientName": "Growth Chart", "allowedGrantTypes": [ "AUTHORIZATION_CODE" ], "accessTokenValiditySeconds": 3600, "refreshTokenValiditySeconds": 86400, "registeredRedirectUris": [ "http://localhost:9201/resources/cdr-smart-apps-growth-chart-app/" ], "scopes": [ "openid", "launch", "patient/*.read" ] }' http://localhost:9000/openid-connect-clients/Master/smart_auth/growth_chart ```
```bash curl -X PUT \ --header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --data '{ "clientId": "growth_chart", "clientName": "Growth Chart", "allowedGrantTypes": [ "AUTHORIZATION_CODE" ], "accessTokenValiditySeconds": 3600, "refreshTokenValiditySeconds": 86400, "registeredRedirectUris": [ "https://example.smilecdr.com:9201/resources/cdr-smart-apps-growth-chart-app/" ], "scopes": [ "openid", "launch", "patient/*.read" ] }' https://example.smilecdr.com:9000/openid-connect-clients/Master/smart_auth/growth_chart ```

4.4.3Launch SMART on FHIR Growth Chart App


Now that we've created a client definition, we're ready to launch a SMART on FHIR App.

The following URL is a SMART Launch URL. Note the following parameters:

  • iss – The base URL for the FHIR endpoint. The app will load the server capability statement from this endpoint, which allows it to figure out where to authorize.
  • launch – This is intended to be a one-time nonce. In a real scenario this would be randomly generated.
  • patientId – The ID of the patient whose data is being accessed.

You may open the following URL in a browser:


This URL will immediately redirect you to a Smile CDR login screen. The user whose credentials you use to log in must have the appropriate permission to read clinical data from the repository.

Use your admin credentials to sign in. You will be presented with a screen asking you to confirm that you wish to grant permission to the app.

Authorizing Application

Grant the app permission by clicking Authorize. The SMART on FHIR Growth Chart App will then launch. Neat!

Growth Chart SMART on FHIR App