SHOF Flow
SMART HTI On FHIR
The Koppeltaal Server authorises applications, not users. This is a mismatch with the (SALF). For example, the SALF flow always expects to return a user-level access_token. With SMART HTI On FHIR (SHOF), an access_token is also returned, but it is a no-op token.
SMART HTI On FHIR (SHOF) uses the HTI token as the launch parameter value. This means that the launching party can reuse all logic during a launch. The main differences between HTI and SHOF are:
SHOF uses the launch parameter to pass the context as an HTI token, whereas HTI uses the token parameter to pass the context as an HTI token.
SHOF is based on an international standard: .
SHOF performs an additional check on the logged-in user during the /authorize step, using a shared IdP. This prevents a launch token from being intercepted and then executed. The user identifier contained in the launch token is compared to the identifier of the logged-in user on the IdP.
A .
The user performing the launch must have an account on the shared IdP, and the username must be present on the corresponding user Resource (Patient, Practitioner, or RelatedPerson).
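The /authorize user check described above, as an added example run on constructed data; it is not Koppeltaal's own code. It assumes the launch token's signature and expiry were already verified, that its sub claim holds the user reference, and that the IdP username is stored on the resource as an identifier under a hypothetical system URI.

```python
ALLOWED_USER_TYPES = {"Patient", "Practitioner", "RelatedPerson"}
IDP_USERNAME_SYSTEM = "https://idp.example.org/username"  # hypothetical identifier system


class LaunchDenied(Exception):
    """Raised when /authorize must reject the launch."""


def check_launch_user(launch_claims, idp_username, fetch_resource):
    """Return the user reference if the IdP user is the launch token's user.

    launch_claims: claims of an already verified HTI launch token.
    Reading the user reference from "sub" is an assumption of this example.
    """
    reference = launch_claims.get("sub") or ""
    rtype, _, rid = reference.partition("/")
    if rtype not in ALLOWED_USER_TYPES or not rid or "/" in rid:
        raise LaunchDenied("launch token does not reference a user resource")
    resource = fetch_resource(rtype, rid)
    if not resource or resource.get("resourceType") != rtype:
        raise LaunchDenied("user resource not found")
    usernames = {
        ident.get("value")
        for ident in resource.get("identifier", [])
        if ident.get("system") == IDP_USERNAME_SYSTEM and ident.get("value")
    }
    # Fail closed: no IdP session, or no username on the resource, means no launch.
    if not idp_username or idp_username not in usernames:
        raise LaunchDenied("logged-in user differs from launch token user")
    return reference


# Constructed sample data standing in for the FHIR store.
SAMPLE_STORE = {
    ("Patient", "123"): {
        "resourceType": "Patient", "id": "123",
        "identifier": [{"system": IDP_USERNAME_SYSTEM, "value": "alice@example.org"}],
    },
    ("Practitioner", "9"): {"resourceType": "Practitioner", "id": "9", "identifier": []},
}


def sample_fetch(rtype, rid):
    return SAMPLE_STORE.get((rtype, rid))


def is_allowed(claims, idp_username):
    try:
        check_launch_user(claims, idp_username, sample_fetch)
        return True
    except LaunchDenied:
        return False
```

A launch token replayed under a different IdP session is rejected here because the session's username is not among the identifiers of the resource named in the token.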