Got access token back:
{
"access_token": "29141724124...",
"patient": "123"
}
Assumption: somehow the app knows this is Patient/abc in the external system.
The problem: today, apps can ask to learn about an existing context, but apps can't set that context themselves.
(also SMART on FHIR)
Start a new OAuth authorization process to connect to external system.
Redirect the browser to:
/authorize?
client_id=my-app&
scope=patient/GeneticVariant.read&
patient=abc <-- We currently have no way to say this!
Alternatively: assume the app doesn't know the patient's external identifier. Then we need, sigh, patient matching of some kind.
E.g. pass in a list of Patient.identifier values (driver's license, medical record number, social security number, etc.)
General solution:
API like
POST /$smart.create-launch
{
"patient": {
"resourceType": "Patient",
"identifier": [{MRN, etc...}]
}
}
Returning
{
"launch": {"valueString": "17248172942"},
"multiple-matches": {"valueBoolean": false},
"no-matches": {"valueBoolean": false}
}
Then use this launch id in the normal authorization flow.
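A sketch of the create-launch idea above, as an added example (not code from the original notes or from SMART on FHIR itself). It assumes an in-memory patient store with constructed identifiers, a match rule of "any shared identifier", and a random, single-use, client-bound launch id with a 5-minute lifetime; the function names are hypothetical.

```python
import secrets
import time
from urllib.parse import urlencode

# Constructed sample data: patient id -> (system, value) identifiers.
PATIENTS = {
    "abc": {("urn:example:mrn", "MRN-001"), ("urn:example:dl", "D1234")},
    "def": {("urn:example:mrn", "MRN-002"), ("urn:example:dl", "D1234")},
}
LAUNCHES = {}  # launch id -> (patient id, client id, expiry time)
TTL_SECONDS = 300  # assumed lifetime; the page does not specify one

def create_launch(body, client_id, now=None):
    """Issue a launch id only when the identifiers resolve to exactly one patient."""
    now = time.time() if now is None else now
    wanted = {(i.get("system"), i.get("value"))
              for i in body["patient"].get("identifier", [])}
    matches = [pid for pid, ids in PATIENTS.items() if wanted & ids]
    out = {"multiple-matches": {"valueBoolean": len(matches) > 1},
           "no-matches": {"valueBoolean": len(matches) == 0}}
    if len(matches) == 1:
        launch = secrets.token_urlsafe(32)  # unguessable, unlike a counter
        LAUNCHES[launch] = (matches[0], client_id, now + TTL_SECONDS)
        out["launch"] = {"valueString": launch}
    return out

def redeem_launch(launch, client_id, now=None):
    """Authorization-server side: resolve a launch id once, for its own client."""
    now = time.time() if now is None else now
    pid, owner, expires = LAUNCHES.pop(launch, (None, None, 0))  # single use
    if pid is None or owner != client_id or now > expires:
        return None
    return pid

def authorize_url(resp, client_id, scope):
    """Client side: refuse to start authorization on an ambiguous match."""
    if ("launch" not in resp or resp["multiple-matches"]["valueBoolean"]
            or resp["no-matches"]["valueBoolean"]):
        raise ValueError("no single patient match; not starting authorization")
    return "/authorize?" + urlencode({
        "client_id": client_id, "scope": scope,
        "launch": resp["launch"]["valueString"]})
```

Binding the launch id to the requesting client and consuming it on first use keeps a leaked or replayed id from selecting a patient context for a different app.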