Koppeltaal 2.0 Dev Guide

SHOF Flow

SMART HTI On FHIR


Last updated 8 months ago


The Koppeltaal Server authorises applications, not users. This is a mismatch with the SMART App Launch Framework (SALF). For example, the SALF flow always expects to return a user-level access_token. With SMART HTI On FHIR (SHOF), an access_token is also returned, but it is a no-op token.

SMART HTI On FHIR (SHOF) uses the HTI token as the launch parameter value. This means that the launching party can reuse all logic during a launch. The main differences between HTI and SHOF are:

  1. SHOF uses the launch parameter to pass the context as an HTI token, whereas HTI uses the token parameter to pass the context as an HTI token.

  2. SHOF is based on an international standard: SMART App Launch Framework.

  3. SHOF performs an additional check on the logged-in user during the /authorize step, using a shared IdP. This prevents a launch token from being intercepted and executed. The user identifier contained in the launch token is compared to the identifier of the logged-in user on the IdP.

Requirements

  1. A JWKS endpoint must be available.

  2. The user performing the launch must have an account on the shared IdP, and the username has to be present on the corresponding user Resource (Patient, Practitioner, or RelatedPerson).
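
The user check from difference 3 and the second requirement, sketched as an added example (not Koppeltaal's own code). It assumes both tokens are already signature-verified, that the HTI token's `sub` claim holds the user reference, that the IdP reports the username in `preferred_username`, and that the username is stored as an identifier under a hypothetical system URL; the resources are constructed samples.

```python
import hmac

ALLOWED_USER_TYPES = {"Patient", "Practitioner", "RelatedPerson"}
IDP_SYSTEM = "https://idp.example/users"  # assumption: identifier system for IdP usernames

# Constructed sample user resources, standing in for a lookup on the FHIR store.
RESOURCES = {
    "Patient/p-1": {"resourceType": "Patient", "id": "p-1",
                    "identifier": [{"system": IDP_SYSTEM, "value": "alice@example.org"}]},
    "Practitioner/pr-9": {"resourceType": "Practitioner", "id": "pr-9", "identifier": []},
}


def launch_user_matches(hti_claims, idp_claims, resources=RESOURCES):
    """Return (ok, reason) for the user check done during /authorize.

    hti_claims: claims of the launch (HTI) token, signature already verified.
    idp_claims: claims about the logged-in user from the shared IdP, already verified.
    """
    ref = hti_claims.get("sub", "")  # assumption: sub looks like "Patient/p-1"
    rtype, _, rid = ref.partition("/")
    if rtype not in ALLOWED_USER_TYPES or not rid:
        return False, "launch token does not reference a user resource"
    resource = resources.get(ref)
    if resource is None or resource.get("resourceType") != rtype:
        return False, "user resource not found"
    # Requirement 2: the IdP username must be present on the user resource.
    usernames = [i.get("value", "") for i in resource.get("identifier", [])
                 if i.get("system") == IDP_SYSTEM]
    if not usernames:
        return False, "user resource has no IdP username"
    logged_in = idp_claims.get("preferred_username", "")  # assumption: claim name
    if not logged_in:
        return False, "no logged-in user"
    # Fail closed: a launch token presented by a session belonging to a
    # different user is rejected, so an intercepted token cannot be executed.
    if any(hmac.compare_digest(u.encode(), logged_in.encode()) for u in usernames):
        return True, "ok"
    return False, "logged-in user differs from launch user"
```

Every branch other than an exact username match rejects the launch, including a user resource that carries no IdP username at all.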

Information Flow

[Figure: SMART HTI Flow]

Topics

TOP-KT-007 - Koppeltaal Launch