GET request to /fhir/auth/token
The authorize endpoint is used for Povider/Patient facing apps OAuth to request and obtain end user login and consent. The authorize endpoint temporarily redirects the end user to the our server login screen, and then is redirected back to the requesting app with an authorization code. The app then provides this authorization code to the token endpoint to obtain an access token.
SMART launch sequences supported.
| Parameter | Description |
|---|---|
client_id |
App's Client Id |
response_type |
Value is always code |
redirect_uri |
App's registered redirect uri |
aud |
FHIR Base Url |
scope |
App requested scopes. The value is a space-delimited, case-sensitive string of requested scopes. SMART App Launch Framework clinical scope syntax |
launch |
Required to launch a provider facing app. Unique app launch event that must match the launch parameter in your app's launch URL. |
state |
One time use random string provided by your app and subsequently returned by the authorize endpoint. |
code_challenge |
Required for token authentication using PKCE if your app cannot securely store a client secret. |
code_challenge_method |
Required for token authentication using PKCE if your app cannot securely store a client secret. The value is the encryption method used (e.g., "S256" if using SHA256 encryption). |
| Parameter | Description |
|---|---|
code |
The value is an authorization code required to make a token request. |
state |
Same parameter provided in your app's authorize request. |
