docs/specification/1.0.md
6 additions & 5 deletions
@@ -111,7 +111,7 @@ Field | Optionality | Type | Description
111
111
`hook` | REQUIRED | *string* | The hook that triggered this CDS Service call<br />(todo: link to hook documentation)
112
112
<nobr>`hookInstance`</nobr> | REQUIRED | *string* | A UUID for this particular hook call (see more information below)
113
113
`fhirServer` | OPTIONAL | *URL* | The base URL EHR's [FHIR](https://www.hl7.org/fhir/) server. If fhirAuthorization is provided, this field is REQUIRED. The scheme should be `https`
114
-
`fhirAuthorization` | OPTIONAL | *object* | A structure holding an OAuth 2.0 bearer access token granting the CDS Service access to FHIR resources, along with supplemental information relating to the token. See the [FHIR Resource Access](#fhir-resource-access) section for more information.
114
+
`fhirAuthorization` | OPTIONAL | *object* | A structure holding an [OAuth 2.0][OAuth 2.0] bearer access token granting the CDS Service access to FHIR resources, along with supplemental information relating to the token. See the [FHIR Resource Access](#fhir-resource-access) section for more information.
115
115
`user` | REQUIRED | *string* | The FHIR resource type + id representing the current user.<br />The type is one of: [Practitioner](https://www.hl7.org/fhir/practitioner.html), [Patient](https://www.hl7.org/fhir/patient.html), or [RelatedPerson](https://www.hl7.org/fhir/relatedperson.html).<br />For example, `Practitioner/123`
116
116
`context` | REQUIRED | *object* | Hook-specific contextual data that the CDS service will need.<br />For example, with the `medication-prescribe` hook this will include [MedicationOrder](https://www.hl7.org/fhir/medicationorder.html) being prescribed. For details, see the [Hooks specification](http://cds-hooks.org/hooks/).
117
117
`prefetch` | OPTIONAL | *object* | The FHIR data that was prefetched by the EHR (see more information below)
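Review bot: the new `[OAuth 2.0][OAuth 2.0]` reference-style link in the `fhirAuthorization` row only renders as a link if a matching `[OAuth 2.0]:` definition exists in the file, and no such definition is visible in this hunk. Please confirm the definition lands in this same commit (the final hunk at line 592 adds one line whose content is not displayed here); otherwise the literal brackets will show up in the rendered table. Because this row describes a bearer access token, it would also help to state in the commit message which document the label points at, so reviewers can check that it covers bearer token usage.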
@@ -293,7 +293,7 @@ The CDS Service is able to use the EHR's FHIR server to obtain any FHIR resource
293
293
294
294
Like SMART on FHIR, CDS Hooks requires that clients present a valid access token to the FHIR server with each API call. Thus, a CDS Service must be able to obtain an access token before communicating with the EHR's FHIR resource server. While CDS Hooks shares the underlying technical framework and standards as SMART on FHIR, the CDS Hooks workflow must accommodate the automated, low-latency delivery of an access token to the CDS service.
295
295
296
-
With CDS Hooks, if the EHR wants to provide the CDS Service direct access to FHIR resources, the EHR creates an access token prior to invoking the CDS Service, passing this token to the CDS Service as part of the service call. This approach remains compatible with OAuth 2.0's bearer token protocol while minimizing the number of HTTPS round-trips and the service invocation latency. The EHR remains in control of creating an access token that is associated with the specific CDS Service, user, and context of the invocation. As the CDS Service executes on behalf of a user, the data to which the CDS Service is given access by the EHR MUST BE limited to the same restrictions and authorizations afforded the current user. As such, the access token SHALL BE scoped to:
296
+
With CDS Hooks, if the EHR wants to provide the CDS Service direct access to FHIR resources, the EHR creates an access token prior to invoking the CDS Service, passing this token to the CDS Service as part of the service call. This approach remains compatible with [OAuth 2.0's][OAuth 2.0] bearer token protocol while minimizing the number of HTTPS round-trips and the service invocation latency. The EHR remains in control of creating an access token that is associated with the specific CDS Service, user, and context of the invocation. As the CDS Service executes on behalf of a user, the data to which the CDS Service is given access by the EHR MUST BE limited to the same restrictions and authorizations afforded the current user. As such, the access token SHALL BE scoped to:
297
297
298
298
- The CDS Service being invoked
299
299
- The current user
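Review bot: in the rewritten paragraph, `MUST BE limited` and `SHALL BE scoped` capitalize `BE`, which is not part of the normative keyword. Since the line is being touched anyway, write `MUST be limited` and `SHALL be scoped` so the requirement on how the EHR restricts the token reads unambiguously. Separately, `[OAuth 2.0's][OAuth 2.0]` puts the possessive inside the link text; `[OAuth 2.0][OAuth 2.0]'s bearer token protocol` keeps the link text identical to the other occurrences in this change.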
@@ -304,11 +304,11 @@ The access token is specified in the CDS Service request via the OPTIONAL `fhirA
304
304
305
305
Field | Optionality | Type | Description
306
306
----- | ----- | ----- | -----------
307
-
`access_token` | REQUIRED | *string* | This is the OAuth 2 access token that provides access to the FHIR server.
307
+
`access_token` | REQUIRED | *string* | This is the [OAuth 2.0][OAuth 2.0] access token that provides access to the FHIR server.
`expires_in` | REQUIRED | *integer* | The lifetime in seconds of the access token.
310
310
`scope` | REQUIRED | *string* | The scopes the access token grants the CDS Service.
311
-
`subject` | REQUIRED | *string* | The OAuth 2.0 client identifier of the CDS Service, as registered with the EHR's authorization server.
311
+
`subject` | REQUIRED | *string* | The [OAuth 2.0][OAuth 2.0] client identifier of the CDS Service, as registered with the EHR's authorization server.
312
312
313
313
The scopes granted to the CDS Service via the `scope` field are defined by the [SMART on FHIR specification](http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/).
314
314
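Review bot: in the `subject` row, linking to OAuth 2.0 invites readers to interpret the field in OAuth terms, yet the field is named `subject` while its description says it carries the client identifier of the CDS Service. Consider stating explicitly in the description that this value identifies the registered client and not the current user, so implementers do not mistake it for a user identity when making authorization decisions. The `access_token` row's change from `OAuth 2` to `OAuth 2.0` is a welcome consistency fix.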
@@ -408,7 +408,7 @@ Field | Optionality | Type | Description
408
408
<nobr>`label`</nobr>| REQUIRED | *string* | Human-readable label to display for this link (e.g. the EHR might render this as the underlined text of a clickable link).
409
409
`url` | REQUIRED | *URL* | URL to load (via `GET`, in a browser context) when a user clicks on this link. Note that this may be a "deep link" with context embedded in path segments, query parameters, or a hash.
410
410
`type` | REQUIRED | *string* | The type of the given URL. There are two possible values for this field. A type of `absolute` indicates that the URL is absolute and should be treated as-is. A type of `smart` indicates that the URL is a SMART app launch URL and the EHR should ensure the SMART app launch URL is populated with the appropriate SMART launch parameters.
411
-
`appContext` | OPTIONAL | *string* | An optional field that allows the CDS Service to pass context regarding the launch of this SMART app from the CDS card to the SMART app. The `appContext` field should only be valued if the link type is `smart` and is not valid for `absolute` links. The `appContext` field and value will be sent to the SMART app as part of the OAuth 2 access token response, alongside the other launch context when the SMART app is launched.
411
+
`appContext` | OPTIONAL | *string* | An optional field that allows the CDS Service to pass context regarding the launch of this SMART app from the CDS card to the SMART app. The `appContext` field should only be valued if the link type is `smart` and is not valid for `absolute` links. The `appContext` field and value will be sent to the SMART app as part of the [OAuth 2.0][OAuth 2.0] access token response, alongside the other launch context when the SMART app is launched.
412
412
413
413
### Example
414
414
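Review bot: the `appContext` row says the field "should only be valued" for `smart` links and "is not valid" for `absolute` links, using a lowercase "should" and leaving open what the EHR does when an `absolute` link carries `appContext`. While editing this row, consider using a normative keyword and stating whether the EHR ignores the field or rejects the card in that case. Because the value is relayed from the CDS Service to the SMART app in the access token response, it is also worth saying whether the EHR passes it through unmodified as an opaque string.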
@@ -592,3 +592,4 @@ As another example, an extension defined on the discovery response could look li