Broken LinksNotebooks
# Table of contents
Aidbox FHIR platform documentation
Getting Started
Tutorials
CRUD, Search Tutorials
Bulk API Tutorials
Security & Access Control Tutorials
RBAC
Terminology Tutorials
Validation Tutorials
Upload FHIR Implementation Guide
Aidbox UI
Integration Toolkit Tutorials
Other tutorials
## Overview
Aidbox user portal
Aidbox UI
## Configuration
## API
REST API
CRUD
Search
Custom Search Parameter
SearchParameter types
Search parameters list
Other
Other
Bulk API
Other APIs
Plan API
Provider Directory API
Archive/Restore API
## Modules
Profiling and validation
FHIR Schema Validator
Security & Access Control
Authentication
Access to AidboxUI
External identity providers
Authentication Flows
Access Control
Attribute-based Access Control (ABAC)
Label-based Access Control
SMART on FHIR
SMART Client Authorization
SMART Client Authentication
SMART (deprecated)
SMART on FHIR
Multitenancy
Patient data access API
Audit
Technical reference
Observability
Getting started
Logs
How-to guides
Tutorials
Technical reference
Metrics
How-to guides
Technical reference
Traces
Subscriptions
Aidbox topic-based subscriptions
Aidbox Forms
Aidbox UI Builder
Form creation
How-to guides
Printing forms
Embedding
Aidbox Code Editor (deprecated)
Define extensions
Custom Resources
Migrate to FHIR Schema
Aidbox terminology module
Concept
ValueSet
CodeSystem
Import external terminologies
SQL on FHIR
Integration toolkit
C-CDA / FHIR Converter
List of supported templates
HL7 v2 Integration
Analytics
Email Providers integration
SMARTbox | FHIR API for EHRs
Get started
The B11 Decision Support Interventions
How-to guides
Background information
Other modules
MDM
## Storage
AidboxDB
Other
S3-compatible storages
## Deployment and maintenance
Deploy Aidbox
Run Aidbox on Kubernetes
Backup and Restore
Indexes
## App development
Aidbox SDK
## Reference
Settings reference
Environment variables
Email Providers reference
Aidbox Forms reference
## Deprecated
Deprecated
Zen-related
RPC reference
aidbox
mdm
Aidbox configuration project
Aidbox Configuration project reference
US Core IG
Workflow Engine
Task
Workflow
FHIR conformance Deprecated guides
How to enable US Core IG
Terminology Deprecated Tutorials
zen-lang validator
FHIR topic-based subscriptions
API Reference
🏗️ FHIR Terminology Repository
Create an FTR instance
Entity / Attribute
Other
App Development Deprecated Tutorials
Receive logs from your app
Other Deprecated Tutorials

SMART on FHIR

Launch sequences

  1. Standalone launch
  2. 2. EHR launch (Portal)

Authorization flows

  1. authorization code for smart apps
  2. 2. \[WIP] client\_credentials for pre-authorized backend services

Client Authentication

  1. Symmetric (client secret)
  2. 2. \[WIP] Asymmetric (JWT)

Scopes

User Indentity

statusscopedescription
Activeopenid fhirUserThis pair of scopes permits the client to request details about the logged in user. They enable the OpenID Connect id_token claim. When the fhirUser scope is used, the ID Token will contain a claim (also called fhirUser) that contains a link to the FHIR Resource accociated with the logged in user.
Activeopenid profileThis pair of scopes permits the client to request details about the logged in user. They enable the OpenID Connect id_token claim. Using the profile scope is an alternative to the fhirUser scope discussed above, and is supported by Smile CDR, but it is deprecated in the SMART App Launch specification.

Refresh Tokens

status scope description
WIP online_access This scope permits that the client be issued a Refresh Token upon authentication, and permits the user to exchange the Refresh Token for an Access Token. This scope has no effect for clients that do not support the refresh_token grant type.
Active offline_access This scope permits that the client be issued a Refresh Token upon authentication, and permits the user to exchange the Refresh Token for an Access Token. This scope has no effect for clients that do not support the refresh_token grant type.

Patient-specific scopes

statusscopedescription
Activepatient/[resourceType].readThis scope permits the client to read (read/search) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).

Smart on FHIR v1.
WIPpatient/[resourceType].writeThis scope permits the client to write (create/update) all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).

Smart on FHIR v1.
WIPpatient/[resourceType].cThis scope permits the client to create all data for the given resource type for all patients on the server. Note that [resourceType] must be a valid FHIR Resource type (e.g. Observation).


Smart on FHIR v2.
Activepatient/[resourceType].rThis scope permits the client to read (read) all data for the given resource type for all patients on the server. Note that [ResourceType] must be a valid FHIR Resource type (e.g. Observation).

Smart on FHIR v2.
WIPpatient/[resourceType].uThis scope permits the client to update all data for the given resource type for all patients on the server. Note that [ResourceType] must be a valid FHIR Resource type (e.g. Observation).

Smart on FHIR v2.
WIPpatient/[resourceType].dThis scope permits the client to delete all data for the given resource type for all patients on the server. Note that [ResourceType] must be a valid FHIR Resource type (e.g. Observation).

Smart on FHIR v2.
Activepatient/[resourceType].sThis scope permits the client to search all data for the given resource type for all patients on the server. Note that [ResourceType] must be a valid FHIR Resource type (e.g. Observation).

Smart on FHIR v2.

Finer-grained resource constraints using search parameters

Aidbox supports scope restriction via query filters for patient-specific search scope (patient/Encounter.s). Aidbox transforms FHIR search parameters for search over resource types into query filter.

Example:

FHIR spec supports search parameter class for Encounter search operation.

GET [fhir-base-url]/Encounter?class=AMB

And these search parameter can be used in scope definition

patient/Encounter.s?class=AMB

User-level scopes

WIP

System-level scopes

WIP

Talk to a Health Samurai Engineer

If you'd like to learn more about using Aidbox or have any questions about this guide, connect with us on Telegram. We're happy to help.

\