POST {MRAPP_BASE_URL}/oauth/smartauth/token
This endpoint allows the SMART App to exchange an authorization code for an access token and ID token.
Its URL is published as one of the response parameters of the /.well-known/smart-configuration endpoint.
The access token is then used to access FHIR resources from the MR FHIR API.
| Query Parameters | Type | Description |
|---|---|---|
| grant_type | string | Indicates to the authorization server which flow (grant type) is being used to request an access token. Currently only supports: authorization_code |
| code | string | The code parameter value returned in the /authorize response |
| redirect_uri | string | The redirect URI for the registered client of the SMART App. This is the same as the redirect_uri parameter in /authorize |
| code_verifier | string | PKCE code used to verify this request against the code_challenge provided in the preceding /authorize request. This is mandatory if code_challenge was provided in the previous /authorize call |
| client_id | string | The client identifier for the registered SMART App. This is the same as the client_id parameter in /authorize |
On success the server returns the following parameters in a JSON payload:
| Response Parameters | Type | Description |
|---|---|---|
| access_token | string | The access token issued by the authorization server |
| token_type | string | Indicates the type of token issued, which defines how the access_token should be used when making authenticated requests. Currently only supports: Bearer |
| expires_in | number | Lifetime in seconds of the access token, after which the token shall not be accepted by the resource server |
| scope | string | Scope of access granted by the authorization request. Note that this can be different from the scopes requested by the app. |
| id_token | string | Authenticated user identity and user details, if requested. Returned only if the openid scope was granted |
| refresh_token (optional) | string | Token that can be used to obtain a new access token, using the same or a subset of the original authorization grants |
| patient (optional) | string | Patient GUID in the launch context |
| encounter (optional) | string | Encounter GUID in the launch context |
| fhirContext | object[] | An array of JSON objects providing additional context about the user's session or launch environment, typically FHIR resources relevant to the app's operation. Entries in the array follow the SMART App Launch fhirContext format |
| Status | Text | Error Description(s) |
|---|---|---|
| 200 | OK | Successful response |
| 400 | Bad Request | redirect_uri mismatch; missing required parameters; unsupported grant type; missing code_verifier; code_verifier check failed / failed to consume authorization code |
| 401 | Unauthorized | client_id not found / not authorised |
| 500 | Internal Server Error | Unexpected server error |
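As an added illustration, not the MR platform's own code: the checks a token endpoint has to make before returning the response parameters above, each mapped to a row of the error table, including the PKCE S256 comparison of code_verifier against the stored code_challenge and single-use consumption of the authorization code. The client registry, the stored authorization-code record, the sample verifier and the issued token value are constructed data.

```python
import base64
import hashlib
import hmac


def s256_challenge(code_verifier: str) -> str:
    """PKCE S256: BASE64URL(SHA256(ASCII(code_verifier))) with '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Constructed sample data: a registered client and what /authorize persisted for one code.
SAMPLE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"  # constructed, RFC 7636 test vector
CLIENTS = {"smart-app-1": {"redirect_uri": "https://app.example/cb"}}
AUTH_CODES = {
    "abc123": {
        "client_id": "smart-app-1",
        "redirect_uri": "https://app.example/cb",
        "code_challenge": s256_challenge(SAMPLE_VERIFIER),  # None when /authorize had no PKCE
        "used": False,
    }
}


def token_request(params: dict) -> tuple:
    """Validate a /oauth/smartauth/token request and return (status, JSON body)."""
    for name in ("grant_type", "code", "redirect_uri", "client_id"):
        if not params.get(name):
            return 400, {"error": "invalid_request", "error_description": "Missing required parameters"}
    if params["grant_type"] != "authorization_code":
        return 400, {"error": "unsupported_grant_type", "error_description": "Unsupported grant type"}
    if params["client_id"] not in CLIENTS:
        return 401, {"error": "invalid_client", "error_description": "Client_id not found/authorised"}
    record = AUTH_CODES.get(params["code"])
    # Unknown, already-consumed or foreign code: one generic answer so the caller learns nothing extra.
    if record is None or record["used"] or record["client_id"] != params["client_id"]:
        return 400, {"error": "invalid_grant", "error_description": "Failed to consume authorization code"}
    if record["redirect_uri"] != params["redirect_uri"]:
        return 400, {"error": "invalid_grant", "error_description": "Redirect_uri mismatch"}
    if record["code_challenge"] is not None:  # PKCE was used in /authorize, so the verifier is mandatory
        verifier = params.get("code_verifier")
        if not verifier:
            return 400, {"error": "invalid_request", "error_description": "Missing code_verifier"}
        if not hmac.compare_digest(s256_challenge(verifier), record["code_challenge"]):
            return 400, {"error": "invalid_grant", "error_description": "Code_verifier check fail"}
    record["used"] = True  # single use: a replayed code fails the consumption check above
    return 200, {"access_token": "constructed-token", "token_type": "Bearer",
                 "expires_in": 3600, "scope": "patient/*.read"}
```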