SMART App Launch
HL7 implementation guide for launching apps against a FHIR server, healthcare app authorization.
Definition
SMART App Launch defines how an app obtains an OAuth 2.0 access token from a FHIR server's authorization endpoint, plus a launch context (e.g. the in-context patient or encounter). It supports the EHR launch (started from inside an EHR) and the standalone launch (started from the app). Context is requested with scopes such as launch, launch/patient and openid fhirUser, and returned alongside the token.
Origin
Published by HL7 as the SMART App Launch implementation guide (current normative release STU 2.x), building on the work of the SMART Health IT project; it profiles OAuth 2.0 (RFC 6749) and OpenID Connect Core.
Example in context
GET [authorize]?response_type=code&client_id=app123&scope=launch/patient%20patient/*.rs%20openid%20fhirUser&aud=https://ehr/fhir&...
Related terms
- SMART clinical scopes — the scope syntax it negotiates.
- .well-known/smart-configuration — how the app discovers its endpoints.