Backend Services Authorization Support

56 views
Skip to first unread message

Jason Whitehead

unread,
Mar 29, 2020, 4:34:54 PM3/29/20
to Cerner FHIR Developers
What is the status of your SMART on FHIR backend services authorization flow and does it use JWT as specified by SMART IT?

With the number of devices that can connect, various versions of FHIR standards such as R2, R3, R4, etc..., and all the different EMR/EHR systems it is not always practical for provider or customer facing applications to talk directly to them. We are looking at building a REST API to allow all our different devices to talk to that then will talk to all the different FHIR services and be able to handle different versions based on the configuration of that provider. This is why the non interactive authorization is absolutely necessary and why so many are asking about it.

Thanks,
Jason

Michele Mottini

unread,
Mar 29, 2020, 6:37:25 PM3/29/20
to Cerner FHIR Developers
There is  https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system, that gives you the same functionality

  - Michele
  CareEvolution Inc


Jason Whitehead

unread,
Mar 31, 2020, 5:19:11 PM3/31/20
to Cerner FHIR Developers
So I have looked at this part of the documentation and it is not very clear as to exactly how to do this. I have a system account but I only have a client_id, app_id, and secret so I do not have a username and password as far as I am aware of that I can use for the basic auth. The spec talks about an alternative of passing the client_id and secret in the body but that is strongly NOT recommended. Cerner documentation does NOT do a great job of explaining how and instead just refers to the SMART on FHIR and OAuth specs in a lot of cases and the specs do not really explain ways of doing things either. I have looked at a ton of examples but none are working so can you please provide some guidance as to exactly how to do this properly.

Avery Allen (Cerner)

unread,
Mar 31, 2020, 5:45:39 PM3/31/20
to Cerner FHIR Developers
Hi Jason,

There's a recent thread that goes over how to request a token on behalf of a system that I think should clear things up for you:


Let me know if that helps.

Thanks,

Avery

Jason Whitehead

unread,
Mar 31, 2020, 6:43:25 PM3/31/20
to Cerner FHIR Developers
Thanks very much that helped a lot and I finally was able to get a token
Reply all
Reply to author
Forward
0 new messages