@hansenms
Created November 23, 2018 20:34
Possible AAD Proxy flow
title FHIR Server AAD Proxy Flow
EHR->APP: GET /?iss=https://fhir&launch=eyJ0e...
APP->FHIR: GET /metadata
FHIR->APP: Capability Statement
APP->AAD Proxy: Redirect /authorize?launch=eyJ0e...&client_id=app-id&scope=..
note over AAD Proxy: Decode launch JWT\nStore patient, encounter, etc.
AAD Proxy->AAD: Redirect /authorize?client_id=app-id
AAD->AAD Proxy: GET /callback?code=XYZ123&state=...
note over AAD Proxy: Retrieve patient, etc.\nCreate code JWT with\ncode, patient, encounter, etc.
AAD Proxy->APP: GET /callback?code=eyJ0...&state
APP->AAD Proxy: POST /token
note over AAD Proxy: Decode JWT\nGet code
AAD Proxy->AAD: POST /token
AAD->AAD Proxy: access token response
note over AAD Proxy: decorate access token\nresponse with patient, etc.
AAD Proxy->APP: enhanced access token response
APP->FHIR: GET /Patient/123 (with token)
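
The proxy's three steps from the diagram ("Create code JWT", "Decode JWT / Get code", "decorate access token response"), as an added example that is not part of the original gist. Signing the code JWT with HS256 under a proxy-held key, the 60-second lifetime, and all function names are assumptions; the diagram does not say how the JWT is protected, and without a signature the app could change `patient` between `/callback` and `/token`.

```python
import base64, hashlib, hmac, json, time

# Assumption: secret known only to the proxy; constructed value for the demo.
PROXY_KEY = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(PROXY_KEY, signing_input.encode(), hashlib.sha256).digest()

def wrap_code(aad_code: str, context: dict, ttl: int = 60, now=None) -> str:
    """Build the 'code JWT' the proxy hands to the app on /callback."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Context goes first so it can never override 'code' or 'exp'.
    claims = {**context, "code": aad_code, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def unwrap_code(code_jwt: str, now=None) -> dict:
    """Verify at POST /token before trusting the code or launch context."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = code_jwt.split(".")
        # Check the signature before parsing anything the app sent back.
        if not hmac.compare_digest(sign(header + "." + body), b64d(sig)):
            raise ValueError("bad signature")
        if json.loads(b64d(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(b64d(body))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"invalid code JWT: {exc}") from None
    if claims.get("exp", 0) < now:
        raise ValueError("invalid code JWT: expired")
    return claims

def decorate(aad_token_response: dict, claims: dict) -> dict:
    """Add the stored launch context to AAD's token response."""
    extra = {k: claims[k] for k in ("patient", "encounter") if k in claims}
    return {**aad_token_response, **extra}
```

The proxy forwards only `claims["code"]` to AAD's `/token` endpoint; the wrapped JWT itself never leaves the app-to-proxy leg.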