Get authorization endpoints and launch capabilities
/.well-known/smart-configuration
The server uses the well-known Uniform Resource Identifier (URI) to convey the Substitutable Medical Applications and Reusable Technologies (SMART) authorization endpoints and launch capabilities.
This operation supports the following authorization types:
- Provider
- Patient
- System
Request
-
Accept(required): string
The media type to be requested. Refer to what the resource's operation produces for what is supported.
Response
- application/json+fhir
Default Response
The request is an HTTP GET operation with a URL formed by appending /.well-known/smart-configuration to the base URL. Soarian Clinicals provides two versions of the well-known URI: one for consumer applications and another for provider and bulk data or system applications.
- Patient Persona:
GET https://fhir-myrecord-sc.[domainname]/r4/[tenant-id]/.well-known/smart-configuration
Example:
GET https://fhir-myrecord-sc.devcerner.com/r4/4d8f311a-00a9-4133-a765-14e51625f5b4/.well-known/smart-configuration
GET https://fhir-ehr-sc.[domainname]/r4/[tenant-id]/.well-known/smart-configuration
Example:
GET https://fhir-ehr-sc.devcerner.com/r4/4d8f311a-00a9-4133-a765-14e51625f5b4/.well-known/smart-configuration
Response:
The response differs for each persona: patient versus provider or system. The response is a JSON document of the type application/json. The response includes the following metadata:
Metadata | Description | Patient Persona | Provider or System Persona |
---|---|---|---|
authorization_endpoint | URL to the authorization endpoint. | Y | Y |
token_endpoint | URL to the token endpoint. | Y | Y |
token_endpoint_auth_methods_supported | An array of client authentication methods supported by the token endpoint. | Y | Y |
token_endpoint_auth_signing_alg_values_supported | JSON array containing a list of the JSON web signature (JWS) signing algorithms (???alg??? values) supported by the token endpoint for the signature on the JSON web token (JWT) used to authenticate the client at the token endpoint for the ???private_key_jwt??? and ???client_secret_jwt??? authentication methods. | Y | |
scopes_supported | An array of scopes that a client application can request. | Y | Y |
response_types_supported | An array of supported OAuth2 response_type values. | Y | Y |
management_endpoint | An endpoint where a user can view which applications currently have access to data and make adjustments to those access rights. | Y | Y |
introspection_endpoint | The URL to a server???s introspection endpoint that can validate a token. | Y | Y |
Capabilities | An array of strings representing SMART capabilities that the server supports. | Y | Y |
Response Example for Patient Persona:
{
"authorization_endpoint": "https://authorization.sandboxcerner.com/tenants/3f2aca24-87f3-4eac-a6d7-1f75247e6b43/protocols/oauth2/profiles/smart-v1/personas/patient/authorize",
"token_endpoint": "https://authorization.sandboxcerner.com/tenants/3f2aca24-87f3-4eac-a6d7-1f75247e6b43/hosts/fhir-myrecord-sc.cerner.com/protocols/oauth2/profiles/smart-v1/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"scopes_supported": [
"launch/patient",
"openid",
"fhiruser",
"offline-access",
"online-access",
"user/AllergyIntolerance.read",
"user/Binary.read",
"user/CarePlan.read",
"user/CareTeam.read",
"user/Condition.read",
"user/Device.read",
"user/DiagnosticReport.read",
"user/DocumentReference.read",
"user/Encounter.read",
"user/Goal.read",
"user/Immunization.read",
"user/MedicationRequest.read",
"user/Observation.read",
"user/Organization.read",
"user/Patient.read",
"user/Practitioner.read",
"user/Procedure.read",
"user/Provenance.read",
"patient/AllergyIntolerance.read",
"patient/Binary.read",
"patient/CarePlan.read",
"patient/CareTeam.read",
"patient/Condition.read",
"patient/Device.read",
"patient/DiagnosticReport.read",
"patient/DocumentReference.read",
"patient/Encounter.read",
"patient/Goal.read",
"patient/Immunization.read",
"patient/MedicationRequest.read",
"patient/Observation.read",
"patient/Patient.read",
"patient/Procedure.read",
"patient/Provenance.read"
],
"response_types_supported": [
"code"
],
"management_endpoint": "https://authorization.sandboxcerner.com/tenants/3f2aca24-87f3-4eac-a6d7-1f75247e6b43/personas/patient/my-authorizations",
"introspection_endpoint": "https://authorization.sandboxcerner.com/tokeninfo",
"capabilities": [
"launch-standalone",
"client-public",
"client-confidential-symmetric",
"sso-openid-connect",
"context-banner",
"context-style",
"context-standalone-patient",
"permission-offline",
"permission-patient",
"permission-user"
]
}
Response Example for Provider and System Personas:
{
"authorization_endpoint": "https://authorization.sandboxcerner.com/tenants/3f2aca24-87f3-4eac-a6d7-1f75247e6b43/protocols/oauth2/profiles/smart-v1/personas/provider/authorize",
"token_endpoint": "https://authorization.sandboxcerner.com/tenants/3f2aca24-87f3-4eac-a6d7-1f75247e6b43/hosts/fhir-ehr-sc.cerner.com/protocols/oauth2/profiles/smart-v1/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"RS384",
"ES384"
],
"scopes_supported": [
"launch",
"openid",
"fhiruser",
"offline-access",
"online-access",
"user/AllergyIntolerance.read",
"user/Binary.read",
"user/CarePlan.read",
"user/CareTeam.read",
"user/Condition.read",
"user/Device.read",
"user/DiagnosticReport.read",
"user/DocumentReference.read",
"user/Encounter.read",
"user/Goal.read",
"user/Immunization.read",
"user/MedicationRequest.read",
"user/Observation.read",
"user/Organization.read",
"user/Patient.read",
"user/Practitioner.read",
"user/Procedure.read",
"user/Provenance.read",
"patient/AllergyIntolerance.read",
"patient/Binary.read",
"patient/CarePlan.read",
"patient/CareTeam.read",
"patient/Condition.read",
"patient/Device.read",
"patient/DiagnosticReport.read",
"patient/DocumentReference.read",
"patient/Encounter.read",
"patient/Goal.read",
"patient/Immunization.read",
"patient/MedicationRequest.read",
"patient/Observation.read",
"patient/Patient.read",
"patient/Procedure.read",
"patient/Provenance.read",
"system/AllergyIntolerance.read",
"system/Binary.read",
"system/CarePlan.read",
"system/CareTeam.read",
"system/Condition.read",
"system/Device.read",
"system/DiagnosticReport.read",
"system/DocumentReference.read",
"system/Encounter.read",
"system/Goal.read",
"system/Immunization.read",
"system/MedicationRequest.read",
"system/Observation.read",
"system/Organization.read",
"system/Patient.read",
"system/Practitioner.read",
"system/Procedure.read",
"system/Provenance.read"
],
"response_types_supported": [
"code"
],
"management_endpoint": "https://authorization.sandboxcerner.com/tenants/3f2aca24-87f3-4eac-a6d7-1f75247e6b43/personas/provider/my-authorizations",
"introspection_endpoint": "https://authorization.sandboxcerner.com/tokeninfo",
"capabilities": [
"launch-ehr",
"launch-standalone",
"client-public",
"client-confidential-symmetric",
"sso-openid-connect",
"context-banner",
"context-style",
"context-ehr-encounter",
"context-ehr-patient",
"permission-offline",
"permission-patient",
"permission-user"
]
}
-
X-Request-Id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the
X-Request-Id
, if present. -
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, provide the
opc-Request-Id
, if present.