Issues with the Epic Sandbox and retrieving user identity using fhir-client.js

[Colin Rhodes]

Hi all,

I'm working inside the Epic Sandbox to prototype out some FHIR apps.  Part of my work is to get the user context using the smart.user.read() method.  Unfortunately when I do this the user id that is returned does not contain a userid and a split method down in the fhir-client.js causes an error.

I've been through the documentation carefully and checked my launch scopes include openid and profile.

Has anyone else seen this issue and does anyone have advice on how to proceed?

All the best,

Colin.

[Michele Mottini]

Copying to Epic support e-mail

Not sure what smart.user.read() does - can you see the id_token in the response?

  - Michele

  CareEvolution Inc

--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhir+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Colin Rhodes]

Hi Michelle,

Thanks for the reply!

It does appear that I have a valid access token coming back and it's not expired.  So the OAuth side of things looks right.

The smart.user.read method is supposed to give me access to the logged in user's context.  I'm using the documentation from here - I guess I'll need to dig through the sample apps some more to see what I can find.

All the best,

Colin

  CareEvolution Inc

To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.

[Michele Mottini]

I don't understand where the library is expecting to get the user data from (and which user data).

If you specify the 'openid profile' scopes the server should return a second token (beside the auth one) called id_token that contains user details - see OpenID Connect specs for details

  - Michele

  CareEvolution Inc

[Colin Rhodes]

Oh, and BTW - everything works great in the Cerner sandbox.

[Preston Marshall]

Did you ever get this figured out? It doesn't appear that Epic actually supports OpenID connect.

[Preston Marshall]

Thanks for following up. The reason I am interested is that each clinical/provider user of our application has user-specific settings, and we need to know who is actually using our application so we can customize how the application looks and works. I believe I saw the "user=ARGONAUT" or something similar passed along when testing with the Launch tool, but it did not appear to be signed in any way. The reason it needs to be signed is that anyone could potentially access a SMART/FHIR callback endpoint, and the additional security of the OpenID signed token adds another layer of security to the authentication process.

Thanks,

Preston

On Thu, Aug 3, 2017 at 2:49 PM, open.epic - Inquiries <op...@epic.com> wrote:

Hi Preston,

 

Epic currently does not support OpenID Connect, or the smart.user.read() scope. While we are actively investigating these as enhancements to our existing platform, we do not have an estimate for when these features will be available.

 

That being said, what information are you looking for in the logged in user context? The reason I ask is that we have a few non-standard options on passing additional context – either as part of the token response, or as part of the launch itself.

 

Best,

Weiyu Zhang

Epic | Electronic Data Interchange (EDI) Engineer | we...@epic.com | 608.271.9000

[Travis Cummings]

Does Epic have a method for identifying the user?  Something like first/last name or email address or employee id or anything that would let an app associate a session with a specific user of the application?

[Ahmed Inam]

Hi Colin,
Are you able to get user context using the smart.user.read() method as I am also not able to get userId value which causes an error. All I need is the user context using the application at that time.

Best,

Ahmed