There is an OAuth 2 system called SMART on FHIR which is used for electronic health record (EHR) systems. OIDC is part of that, so I've set up this particular provider as an IdP so I can log in to my system using credentials from the SMART on FHIR provider.
Now I need to do the next step, which is the SMART bit.
The idea with SMART is that you start from a session on the EHR (because all your billing, patient info and so on is there) and my system would provide a specific service, say analysis of ultrasound studies. So the doctor is looking at the records for some patient and wants to look in greater detail at the ultrasounds my app provides. When he launches my app, he needs to be logged into my system and looking at the correct study.
The flow looks like this (compiled from http://www.hl7.org/fhir/smart-app-launch/#smart-launch-sequence and http://www.hl7.org/fhir/smart-app-launch/#smart-authorization-sequence since I only get one image)
And if you look farther down that page you’ll see token refresh and all that.
I'm not an expert, but some of that looks like how you communicate with an IdP. I would prefer to have Keycloak manage the sessions with the EHR and simply pass the tokens I need to communicate with the EHR and the patient ID that comes with the access token response.
Any advice on how to do this would be greatly appreciated.
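Added example, not part of the original post and not an answer about Keycloak itself: the app side of the SMART EHR launch described above, carried through offline in Python with constructed messages. The issuer allow-list, client ID, redirect URI, SMART configuration endpoints and the sample token response are all assumptions; a real app fetches the configuration from `{iss}/.well-known/smart-configuration` and POSTs the code plus PKCE verifier to the token endpoint instead of using the embedded response. The parts a practitioner should not skip are the `iss` allow-list (the launch request is attacker-controllable), `aud` set to the FHIR server, and the `state`/PKCE checks on the callback.

```python
"""App-side SMART on FHIR EHR launch: OAuth 2 authorization code + PKCE.

Constructed example; endpoints, identifiers and the token response are made up.
"""
import base64
import hashlib
import json
import secrets
from typing import Tuple
from urllib.parse import urlencode, urlparse, parse_qs

# Assumption: the app only accepts launches from FHIR servers it is
# registered with, so an attacker cannot point it at an arbitrary `iss`.
ALLOWED_ISSUERS = {"https://ehr.example.org/fhir"}

# Stand-in for {iss}/.well-known/smart-configuration (constructed).
SMART_CONFIG = {
    "authorization_endpoint": "https://ehr.example.org/auth/authorize",
    "token_endpoint": "https://ehr.example.org/auth/token",
    "code_challenge_methods_supported": ["S256"],
}
CLIENT_ID = "ultrasound-analysis-app"          # assumed registration
REDIRECT_URI = "https://app.example.com/callback"
SCOPE = "launch openid fhirUser patient/*.read"


def pkce_challenge(verifier: str) -> str:
    """RFC 7636 S256: base64url(sha256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def is_allowed_issuer(iss: str) -> bool:
    return iss in ALLOWED_ISSUERS


def parse_launch_request(query: dict) -> Tuple[str, str]:
    """Step 1: EHR sends the user to the app's launch URL with ?iss=&launch=."""
    iss, launch = query.get("iss"), query.get("launch")
    if not iss or not launch:
        raise ValueError("launch request must carry both iss and launch")
    if not is_allowed_issuer(iss):
        raise ValueError(f"unknown issuer: {iss}")
    return iss, launch


def build_authorize_url(iss: str, launch: str, state: str, verifier: str) -> str:
    """Step 2: redirect to the EHR's authorize endpoint.

    `launch` binds the request to the EHR session (patient context),
    `aud` names the FHIR server the token will be used against.
    """
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "launch": launch,
        "scope": SCOPE,
        "state": state,
        "aud": iss,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return SMART_CONFIG["authorization_endpoint"] + "?" + urlencode(params)


def handle_callback(redirect_url: str, expected_state: str) -> str:
    """Step 3: the EHR redirects back with ?code=&state=; verify state first."""
    query = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error']}")
    if not secrets.compare_digest(query.get("state", ""), expected_state):
        raise ValueError("state mismatch (possible CSRF or mixed-up flow)")
    return query["code"]


def parse_token_response(body: str) -> dict:
    """Step 4: token response; `patient` is the context needed to open the study."""
    tok = json.loads(body)
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if "access_token" not in tok or "patient" not in tok:
        raise ValueError("token response lacks access_token or patient context")
    return {k: tok.get(k) for k in
            ("access_token", "patient", "expires_in", "refresh_token", "id_token")}


# Constructed token response, shaped like the SMART spec's example.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "i8hweunweunweofiwweoijewiwe", "token_type": "Bearer",
    "expires_in": 3600, "scope": SCOPE, "patient": "123",
    "refresh_token": "a2V5Y2xvYWsgY2FuIGtlZXAgdGhpcw",
})


def run_launch_demo() -> dict:
    """Drive the whole sequence offline with constructed messages."""
    iss, launch = parse_launch_request(
        {"iss": "https://ehr.example.org/fhir", "launch": "xyz123"})
    state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(48)
    authorize_url = build_authorize_url(iss, launch, state, verifier)
    # The EHR would show consent and redirect; the redirect is faked here.
    code = handle_callback(f"{REDIRECT_URI}?code=abc&state={state}", state)
    # A real app now POSTs code + verifier to token_endpoint; use the sample.
    return {"authorize_url": authorize_url, "code": code,
            **parse_token_response(SAMPLE_TOKEN_RESPONSE)}
```

The PKCE helper is checked against the test vector from RFC 7636 Appendix B. If Keycloak brokers the EHR as an identity provider, it would own steps 2 through 4, so the part the app still has to do itself is step 1 (accept only known issuers and carry `launch` through) and reading `patient` from the token response.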