SHOF Flow
SMART HTI On FHIR
The Koppeltaal Server authorises applications, not users. This is a mismatch with the SMART App Launch Framework (SALF). For example, the SALF flow always expects to return a user-level access_token. With SMART HTI On FHIR (SHOF), an access_token is also returned, but it is a no-op token.
SMART HTI On FHIR (SHOF) uses the HTI token as the launch parameter value. This means that the launching party can reuse all logic during a launch. The main differences between HTI and SHOF are:
SHOF uses the launch parameter to pass the context as an HTI token, whereas HTI uses the token parameter to pass the context as an HTI token.
SHOF is based on an international standard: SMART App Launch Framework.
SHOF performs an additional check on the logged-in user during the /authorize step, using a shared IdP. This prevents a launch token from being intercepted and executed. The user identifier contained in the launch token is compared to the identifier of the logged-in user on the IdP.
The user performing the launch must have an account on the shared IdP, and the username has to be present on the corresponding user Resource (Patient, Practitioner, or RelatedPerson).
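The user check at the /authorize step described above can be sketched as follows. This is an added example, not Koppeltaal's own code. It assumes the launch token's signature and expiry were already verified, that the user reference is carried in a `sub` claim, and that the IdP username is stored as a FHIR identifier under the placeholder system `https://idp.example/username`; `check_launch_user`, `LaunchDenied` and `fetch_resource` are hypothetical names.

```python
import hmac

# Resource types the page lists as valid launching users.
USER_TYPES = {"Patient", "Practitioner", "RelatedPerson"}
# Assumption: identifier system under which the IdP username is stored.
IDP_SYSTEM = "https://idp.example/username"


class LaunchDenied(Exception):
    """Raised when the launch must not continue past /authorize."""


def check_launch_user(launch_claims, idp_username, fetch_resource):
    """Compare the user in an already-verified launch token with the IdP login.

    launch_claims  -- claims of the HTI token, signature/expiry checked upstream
    idp_username   -- username the shared IdP authenticated for this session
    fetch_resource -- callable(reference) -> FHIR resource dict or None
    Returns the user reference when the identities match.
    """
    reference = launch_claims.get("sub", "")  # assumption: e.g. "Patient/123"
    rtype, _, rid = reference.partition("/")
    if rtype not in USER_TYPES or not rid:
        raise LaunchDenied("launch token does not reference a user resource")

    resource = fetch_resource(reference)
    if not resource or resource.get("resourceType") != rtype:
        raise LaunchDenied("user resource not found")

    usernames = [
        i.get("value", "")
        for i in resource.get("identifier", [])
        if i.get("system") == IDP_SYSTEM
    ]
    # Constant-time comparison; no match means the login is not the launch user.
    if not idp_username or not any(
        hmac.compare_digest(u.encode(), idp_username.encode()) for u in usernames
    ):
        raise LaunchDenied("logged-in user differs from launch token user")
    return reference


# Constructed sample data standing in for the FHIR store.
STORE = {
    "Patient/123": {
        "resourceType": "Patient",
        "id": "123",
        "identifier": [{"system": IDP_SYSTEM, "value": "alice"}],
    }
}
```

The check fails closed: a token that references a non-user resource, a user resource without the IdP username, or an empty IdP session all end in `LaunchDenied`.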