FHIRcast logo

FHIRcast
3.0.0-ballot - STU 3 Ballot International flag

This page is part of the FHIRcast (v3.0.0-ballot: STU3 (v3.0.0) Ballot 1) based on FHIR (HL7® FHIR® Standard) R4. The current version which supersedes this version is 2.0.0. For a full list of available versions, see the Directory of published versions

Session Discovery

A session is an abstract concept representing a shared workspace, such as user’s login session over multiple applications or a shared view of one application distributed to multiple users. FHIRcast requires a session to have a unique and opaque identifier. This identifier is exchanged as the value of the hub.topic parameter. Before establishing a subscription, an application must know the hub.topic and the hub.url which contains the base URL of the Hub.

Systems SHOULD use SMART on FHIR to authorize, authenticate, and exchange initial shared context. If using SMART, following a SMART on FHIR EHR launch or SMART on FHIR standalone launch, the application SHALL request and, if authorized, SHALL be granted one or more FHIRcast OAuth 2.0 scopes. Accompanying this scope grant, the authorization server SHALL supply the hub.url and hub.topic SMART launch parameters alongside the access token and other parameters appropriate to establish initial shared context. Per SMART, when the openid scope is granted, the authorization server additionally sends the current user’s identity in an id_token.

Although FHIRcast works best with the SMART on FHIR launch and authorization process, implementation-specific launch, authentication, and authorization protocols may be possible. If not using SMART on FHIR, the mechanism enabling the application to discover the hub.url and hub.topic is not defined in FHIRcast. See other launch scenarios for guidance.