Extension/Support for SMART on FHIR on top of OAuth and OpenID Connect using Keycloak

Is there a way to build an extension on top of Keycloak’s OAuth and OpenID to implement SMART on FHIR - http://hl7.org/fhir/smart-app-launch/conformance/index.html#launch-context-for-standalone-launch
http://hl7.org/fhir/smart-app-launch/index.html#smart-authorization-sequence

The idea is to accept an additional request parameter with the authorization code flow (launch) and, when generating the response for the access token, set some additional custom parameters as part of the access token response (but not as part of the access_token field value).

So far, all the extensions I found allow adding custom fields in the access token value itself. We may need an additional field like “patient” as part of the access token response. So it may look like the following.

{
  "access_token": "i8hweunweunweofiwweoijewiwe",
  "token_type": "bearer",
  "expires_in": 3600,
  "scope": "patient/Observation.read patient/Patient.read",
  "intent": "client-ui-name",
  "patient":  "123",
  "encounter": "456"
}

Is it something that can be developed and implemented as extensions in KC or does it already have some support for this?

Any suggestions are appreciated!
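The flow asked about above, modelled as an added example (not Keycloak code and not from any poster in this thread): the `launch` value is resolved at the authorization step, bound to the authorization code, and returned as top-level fields beside an opaque `access_token`. The function names, the `launch-abc` handle and the in-memory stores are hypothetical.

```python
import secrets
import time

# Constructed sample data: a launch handle the EHR would have registered
# before redirecting the user to the app (values mirror the JSON above).
LAUNCH_CONTEXTS = {"launch-abc": {"patient": "123", "encounter": "456"}}
AUTH_CODES = {}  # code -> grant record held server-side


def authorize(client_id, scope, launch=None):
    """Authorization step: resolve `launch` and bind its context to the code."""
    context = {}
    if launch is not None:
        if launch not in LAUNCH_CONTEXTS:
            raise ValueError("unknown launch handle")
        context = LAUNCH_CONTEXTS.pop(launch)  # a launch handle is single use
    code = secrets.token_urlsafe(16)
    AUTH_CODES[code] = {
        "client_id": client_id,
        "scope": scope,
        "context": context,
        "expires": time.time() + 60,
    }
    return code


def token(client_id, code):
    """Token step: context comes from the stored grant, never from the client."""
    grant = AUTH_CODES.pop(code, None)  # authorization codes are single use
    if grant is None or grant["client_id"] != client_id or grant["expires"] < time.time():
        raise ValueError("invalid_grant")
    response = {
        "access_token": secrets.token_urlsafe(24),  # opaque, carries no context
        "token_type": "bearer",
        "expires_in": 3600,
        "scope": grant["scope"],
    }
    for key, value in grant["context"].items():
        if key in response:  # launch context must not overwrite standard fields
            raise ValueError("reserved field in launch context: " + key)
        response[key] = value  # top-level, beside access_token
    return response
```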

Have you looked at this project https://github.com/igia/igia-keycloak?

Yes. Thanks, I looked at it. It helps for standalone launches. I was trying to see if there’s one implemented for EHR launch as well.

@sagarshah1983 yes, you can add the additional parameter in the access token. Please take a look at this link. Hope this will be helpful.

@sagarshah1983 will you be able to connect to the EHR?
I am also wondering about the comment from @theanandankit: how will that help to connect to the EHR?

Hi @jigneshmpatel ,
I did not evaluate with Keycloak any further than this. There were some options suggested in that link from @theanandankit, but I did not go that route as we implemented this using another OIDC provider.

Thank you. Can you inform me of the name of the OIDC provider?

We used Ory Hydra as the OIDC provider.