This page is part of the FHIRcast (v3.0.0-ballot: STU3 (v3.0.0) Ballot 1) based on FHIR (HL7® FHIR® Standard) R4. The current version which supersedes this version is 2.0.0. For a full list of available versions, see the Directory of published versions
A session is an abstract concept representing a shared workspace, such as user’s login session over multiple applications or a shared view of one application distributed to multiple users. FHIRcast requires a session to have a unique and opaque identifier. This identifier is exchanged as the value of the hub.topic
parameter. Before establishing a subscription, an application must know the hub.topic
and the hub.url
which contains the base URL of the Hub.
Systems SHOULD use SMART on FHIR to authorize, authenticate, and exchange initial shared context. If using SMART, following a SMART on FHIR EHR launch or SMART on FHIR standalone launch, the application SHALL request and, if authorized, SHALL be granted one or more FHIRcast OAuth 2.0 scopes. Accompanying this scope grant, the authorization server SHALL supply the hub.url
and hub.topic
SMART launch parameters alongside the access token and other parameters appropriate to establish initial shared context. Per SMART, when the openid
scope is granted, the authorization server additionally sends the current user’s identity in an id_token
.
Although FHIRcast works best with the SMART on FHIR launch and authorization process, implementation-specific launch, authentication, and authorization protocols may be possible. If not using SMART on FHIR, the mechanism enabling the application to discover the hub.url
and hub.topic
is not defined in FHIRcast. See other launch scenarios for guidance.