OAuth 2.0 + OpenID Connect profile for FHIR apps. Defines launch flows (standalone, EHR-embedded), scopes (patient/*.read, user/*.write), and the capability statement extensions.
SMART on FHIR is how a patient-facing or clinician-facing app gets a per-user access token to an EHR's FHIR API without seeing the user's password.
Two launch modes:
1. Standalone launch — your app lives at its own URL; the user signs in through the EHR's OAuth authorization server.
2. EHR launch — your app is embedded in the EHR (Epic AppMarket, Cerner Code, etc.) and gets a launch token.
Scope syntax: patient/Observation.read, user/MedicationRequest.write, launch/patient, offline_access.
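A least-privilege review of a requested scope string, as an added example (not part of the original page or of any SMART library). It assumes the context/Resource.access form shown above with space-delimited tokens; the function names and the wording of the findings are illustrative.

```python
import re

# Resource scope in the form shown above: <context>/<Resource|*>.<read|write|*>
RESOURCE_SCOPE = re.compile(r"^(patient|user)/([A-Z][A-Za-z]*|\*)\.(read|write|\*)$")

def parse_scope(token):
    """Classify one scope token (hypothetical helper for this example)."""
    m = RESOURCE_SCOPE.match(token)
    if m:
        context, resource, access = m.groups()
        return {"kind": "resource", "context": context,
                "resource": resource, "access": access}
    if token == "launch" or token.startswith("launch/"):
        return {"kind": "launch", "value": token}
    if token == "offline_access":
        return {"kind": "refresh", "value": token}
    return {"kind": "other", "value": token}

def review_scopes(scope_string):
    """Return (parsed, findings); findings are review notes, not protocol errors."""
    parsed, findings = [], []
    for token in scope_string.split():
        s = parse_scope(token)
        parsed.append(s)
        if s["kind"] == "resource":
            if s["resource"] == "*":
                findings.append(f"{token}: wildcard resource type; list the resources the app needs")
            if s["access"] in ("write", "*"):
                findings.append(f"{token}: grants write access")
            if s["context"] == "user":
                findings.append(f"{token}: user-level scope, not limited to the patient in context")
        elif s["kind"] == "refresh":
            findings.append(f"{token}: requests a refresh token; protect it at rest")
        elif s["kind"] == "other" and "/" in token:
            # Looks like a resource scope but does not match the expected form.
            findings.append(f"{token}: not a recognised resource scope")
    return parsed, findings

# Constructed sample request built from the scopes quoted on this page.
SAMPLE = ("launch/patient patient/Observation.read "
          "user/MedicationRequest.write patient/*.read offline_access")

if __name__ == "__main__":
    for note in review_scopes(SAMPLE)[1]:
        print(note)
```

Running the review when an app registration changes makes it visible when a request grows from a few named resources to a wildcard or starts asking for write access.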
For Cohort 00 builders: Medplum's sandbox supports SMART out of the box. For real EHRs, register at Epic's fhir.epic.com or Cerner's Code Console.