GET {MRAPP_BASE_URL}/oauth/smartauth/authorize
This endpoint initiates the SMART on FHIR authorization process; its URL is one of the response parameters of the /.well-known/smart-configuration endpoint.
The SMART App calls this endpoint to obtain an authorization code, which it then uses to request a token.
| Query Parameter | Type | Description |
|---|---|---|
| response_type | string | The grant type the client is expecting. Currently only supports: code |
| client_id | string | The client identifier for the registered SMART App |
| redirect_uri | string | The redirect URI registered for the SMART App |
| launch | string | The opaque launch identifier provided in the launch request, which must match the stashed launch context. |
| scope | string | Space-delimited list of authorization scopes requested by the SMART App |
| state | string | An unpredictable unique identifier used by the (SMART App) client to maintain state between the request and the callback. It correlates the authorization request with the subsequent redirect response. |
| aud | string | Base URL of the FHIR server the App is requesting access to. This is our new FHIR server base URL. |
| code_challenge (optional) | string | PKCE code challenge generated by the SMART App. |
| code_challenge_method (optional) | string | Method used for the code_challenge parameter. This is mandatory if code_challenge is provided. Currently only supports: S256 |
The MR Authorization Server supports the following scopes:
For the latest list of supported scopes, please refer to the smart-configuration endpoint.
The response is a redirect (302 Found) to the redirect_uri provided by the SMART App in the request.
On success, the response will have the following query parameters appended:
| Response Parameter | Type | Description |
|---|---|---|
| code | string | The authorization code generated by the authorization server. The authorization code needs to expire shortly after it is issued to mitigate the risk of leaks. |
| state | string | The exact value received from the client (SMART app). |
HTTP/1.1 302 Found
Location: https://example.smart.app/after-auth?
code=123abc&
state=98wrghuwuogerg97
On error, the response will have the following query parameters appended:
| Response Parameter | Type | Description |
|---|---|---|
| error | string | Error code as per table below |
| error_description | string | Description of error as per table below |
| state | string | The exact value received from the client (SMART app). |
| error | error_description | Description |
|---|---|---|
| invalid_scope | requested scope is invalid | Scope requested is malformed or invalid |
| invalid_request | invalid launch id | Launch record is not found |
| invalid_request | missing required parameter(s): {parameter list} | One or more required parameters are missing |
| invalid_request | invalid aud parameter | The aud parameter is invalid |
| invalid_request | invalid code_challenge_method, only S256 is supported | The code_challenge_method is not supported (only S256 is accepted) |
| unauthorized_client | client_id {client_id} is not registered or authorized | client_id not found or not authorized |
| server_error | internal server error | Unexpected server error |
In the example below, the error parameter is invalid_request and the error_description is the URL-encoded string "invalid aud parameter":
HTTP/1.1 302 Found
Location: https://example.smart.app/after-auth?
error=invalid_request&
error_description=invalid%20aud%20parameter&
state=98wrghuwuogerg97
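As an added example (not the MR Authorization Server's own code), the client side of the exchange described above in Python: building the authorize request with an S256 PKCE challenge and validating the redirect, including the state check and the error form. The base URL https://mrapp.example (standing in for {MRAPP_BASE_URL}), the aud value https://mrapp.example/fhir and the client_id are assumptions.

```python
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values standing in for {MRAPP_BASE_URL} and the FHIR server base URL.
AUTHORIZE_URL = "https://mrapp.example/oauth/smartauth/authorize"
FHIR_BASE_URL = "https://mrapp.example/fhir"


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) for code_challenge_method=S256."""
    verifier = verifier or b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())


def build_authorize_url(client_id: str, redirect_uri: str, launch: str,
                        scope: str, state: str, code_challenge: str) -> str:
    """Assemble the GET /oauth/smartauth/authorize request from the documented parameters."""
    params = {
        "response_type": "code",          # only supported grant type
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "launch": launch,                 # opaque id from the launch request
        "scope": scope,
        "state": state,                   # unpredictable; generated per request
        "aud": FHIR_BASE_URL,             # must be the FHIR server base URL
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",  # mandatory once code_challenge is sent
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(location: str, expected_state: str) -> dict:
    """Classify the 302 Location the app receives. The state check comes first:
    a response whose state does not match is discarded whether or not it carries a code."""
    qs = parse_qs(urlparse(location).query)
    first = lambda k: qs.get(k, [""])[0]
    if first("state") != expected_state:
        return {"status": "rejected", "reason": "state mismatch"}
    if first("error"):
        return {"status": "error", "error": first("error"),
                "error_description": first("error_description")}
    if not first("code"):
        return {"status": "rejected", "reason": "no authorization code"}
    return {"status": "ok", "code": first("code")}
```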