Provider username from launch of provider facing app from outside of powerchart?

[Kevin Maloy]

Hi --

How does one get the provider username/id/name for a provider facing app that is launched outside of powerchart?

Is it passed back in some way after auth?

Sorry if I am missing something obvious.

kevin.

[Michele Mottini]

Specify the openid profile scopes, you get the information in the id_token (see open id specs)

  - Michele

  CareEvolution Inc

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-developers+unsub...@googlegroups.com.
To post to this group, send email to cerner-fhir-developers@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/20ce9312-852d-472d-b793-7dcf5df54214%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[kevin maloy]

thanks!  

On Tue, Jan 9, 2018 at 11:40 AM Michele Mottini <mi...@careevolution.com> wrote:

Specify the openid profile scopes, you get the information in the id_token (see open id specs)

  - Michele

  CareEvolution Inc

On Tue, Jan 9, 2018 at 11:22 AM, Kevin Maloy <mal...@gmail.com> wrote:

Hi --

How does one get the provider username/id/name for a provider facing app that is launched outside of powerchart?

Is it passed back in some way after auth?

Sorry if I am missing something obvious.

kevin.

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-devel...@googlegroups.com.
To post to this group, send email to cerner-fhir...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/20ce9312-852d-472d-b793-7dcf5df54214%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-devel...@googlegroups.com.
To post to this group, send email to cerner-fhir...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/CAMK4NFM11UnCi_UJOYE%3DngUDFXxFWC%3DZRRQoj0y4J-11ADsDvg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

mobile.

[Jenni Syed (Cerner)]

Note: In order to read the actual Practitioner record (if desired), you'll also want the user/Practitioner.read scope. The name itself is returned in the id_token, so if that's all you need, the app won't need to read the FHIR resource.

[Kevin Maloy]

Thanks ... got the token and decoded ... 

I see "sub" and "user -> principal" as username now

What identifier do you toss to user/Practitioner.read to get the actual firstName lastName?  

Thanks again,

k.

[Michele Mottini]

The 'profile' claim should contain the URL of the resource with all the details

  - Michele

  CareEvolution Inc

--

You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-developers+unsub...@googlegroups.com.
To post to this group, send email to cerner-fhir-developers@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/1e77b922-2ac0-4042-94ee-955441b60f05%40googlegroups.com.

[Jenni Syed (Cerner)]

The app should pull the id_token from the authorization response. An example of what's contained is here:

{
  "sub": "portal",
  "aud": "...",
  "profile": "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Practitioner/4464007",
  "iss": "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/oidc/idsps/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/",
  "name": "Portal, Portal",
  "exp": ...,
  "iat": ...,
  "fhirUser": "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Practitioner/4464007"
}

You can get the name from the name field, rather than reading the user info. To read the actual user, use the URL returned in either the profile or fhirUser field - this is the link to the FHIR Resource that represents the user.

~ Jenni

[kevin maloy]

can you get profile and/or fhirUser from a non-powerchart launch?

k.

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-developers+unsub...@googlegroups.com.
To post to this group, send email to cerner-fhir-developers@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/1930681e-2fb8-4b2b-9502-769b552ac405%40googlegroups.com.

[Jenni Syed (Cerner)]

Yes, the example above is what I received by only requesting openid, profile, and user/Practitioner.read in scopes. There was no SMART launch involved.

This is a capability that was somewhat recently added.

~ Jenni

[kevin maloy]

got it.

i was being dumb and using the access_token and not the id_token decoded.

thanks!

[brian scholl]

Jenni,

How to retrieve First/Last name of provider?  Or, how to decode it?

my tokenresponse  using: console.log(smart.tokenResponse);

access_token: "eyJraWQiOiIyMDE4LTAxLTEyVD..... and so on"
code: "035943d9-7d07......and so on"
expires_in:570
id_token: "eyJraWQiOiIyMDE4LTAxLTEyV......"
need_patient_banner:true
patient:"4478007"
..
..

I can get username with this code :

var obj = {};
// retrieve username
obj.username = smart.tokenResponse.username;



..

[Kol Kheang (Cerner)]

Brian,

You can decode the id_token with a JWT library.  In the token you should see a 'name' field in there.  You can use https://jwt.io site learn more.  On that site, there are lots of libraries that you can use to decode a JWT token.

Another method is to use the "user" id field in the token and call the Practitioner resource to get the first name and last name.  Here is an example using the open endpoint: https://fhir-open.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Practitioner?_id=4464007.

Thanks,

Kol

EDIT: 

You can also get fhirUser field after decoding the JWT token.  This field is the URL to a Practitioner FHIR resource URL.

Example:

"fhirUser": "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Practitioner/4464007"

[kevin maloy]

put the random looking letters for id_token into:

https://jwt.io/

they also have a javascript library to decode on front end. 

k. 

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-devel...@googlegroups.com.
To post to this group, send email to cerner-fhir...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/527570ac-1cec-4990-90e1-2d8d9cceaa42%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

mobile.

[brian scholl]

Thanks. Got it working.

[Brenda Chin]

Hi,

One follow-up question regarding the name.  Is the name always <Last Name>, <First Name>?  Would it be reasonable for me to assume that I can parse it out with the comma and render it in my application as separate fields?

Thanks,

Brenda

[Michele Mottini]

You can get the separate first and last name (as well as a lot of other details) from the Practitioner resource as described by Kol

  -Michele

  CareEvolution Inc