SMART HTI Test Suite - Portal

① The FHIR task

  • info_outline info_outline

    The task object in HTI standard makes use of a subset of the FHIR Task object. The object is used in the launch as requests workflow pattern.

    Please keep in mind that the HTI launch forbids any personal information about the users to be exchanged in the launch, eventough the FHIR Task does allow details of the user to be exchanged.

    Task identifier (id)
    The unique identifier of the task, needs to be pesistent over time.
    Activity identifier (definitionReference.reference)
    The reference to the activity associated with the task.
    For type (for.reference)
    The type part of the user reference, for example Practitioner/xyz.
    This field is moved to the sub field as of version 1.1
    Intent(intent)
    The required field intent, must be one of Value set request-intent. If unknown, use the plan value.
    Status(status)
    The required field status, , must be one of Value set task-status. If unknown, use the requested value.

② The JWT Message

  • info_outline info

    The JWT message contains the FHIR Task and the JWT fields to ensure the flexible and secure exchange. The JWT message has the following fields:

    The FHIR task (task)
    The FHIR task as nested field. This field is populated by the values from the FHIR Task section.
    Subject (sub)
    The "sub" (Subject) field contains the value of the intended subject (user) of this launch.
    Audience (aud)
    The "aud" (Audience) field contains the value of the intended receiver of the message, in this case the module.
    Issuer (iss)
    The Issuer (iss) field contains the value of the sender of the message, in this case this portal.
    Issed at (iat)*
    The "iat" (issued at) claim identifies the time at which the JWT was issued.
    Expiration Time (exp)*
    The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
    JWT ID (jti)*
    The "jti" (JWT ID) claim provides a unique identifier for the JWT.

    * fields are populated autmatically.

③ The module

  • info_outline info

    The launch URL is the endpoint of the module that receives the incoming request as a form post, with the JWT token encoded in the form post in the token field.

Public key

  • info_outline info

    The JWT message is signed by a private key as part of a public / private key combination, the public key of that public private key combination is available here. The public key is required to validate the JWT message.