Update (Oct 22): We have made the decision to postpone the production implementation by a month. We are now projecting the first week of December to implement the token change. We have also updated the impact information with additional guidance in the impact section.
The implementation will remain in the public developer sandbox as well as client sandbox environments to allow for integration testing in the lead up to production.
We are writing to inform you of a change coming to FHIR R4 and DSTU2 access tokens. The token endpoint and the token structure will be changing in preparation for an expanding ecosystem and SMART v2 capabilities.
Going forward, the contents of the access token will be encrypted, and the token endpoints will refer consumers to a new endpoint. The token introspection endpoint should be used to obtain the following details: token expiration, application client id, Millennium customer tenant id, and granted scopes.
Access tokens are, by specification, opaque, so for most applications this will be a passive change. Applications that deviate from the standard and from best practice may encounter errors.
The change will first be introduced in the public developer sandbox on September 26th, 2024. The change will be made generally available in the first week of December, 2024.
Key Dates to Note:
- Announcement Date: August 26th, 2024
- Developer Sandbox Effective Date: September 26th, 2024
- Client Sandbox Effective Date: October 16th, 2024
- General Availability Date: first week of December, 2024
What does this mean for you?
- Affected Services: FHIR R4 access tokens
- Impact: Applications that rely on decoding access tokens will no longer be able to do so. Applications that hardcode the authorization/token endpoints will begin to fail.
- Client Guidance: No changes are being made to the FHIR workflow with this token change. FHIR API calls will behave the same after this change. Application developers will need to be aware of the change, as it can affect internal processing within the application. If an application decodes the token, the errors it sees will be internal processing errors. Receiving a 400/500 class error from the FHIR service is not an effect of this change. Encourage your application developers to review this post and reach out with any questions or concerns.
- Call to Action:
  - Use the CapabilityStatement to discover the authorization/token endpoints at run time. Hardcoding these endpoints in an application is discouraged.
  - Use the token introspection endpoint (advertised in the CapabilityStatement) to obtain token details when needed, rather than decoding the token.
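The two call-to-action items above, as an added example that is not part of this announcement or of any Oracle Health SDK: the endpoints are read from the CapabilityStatement's SMART OAuth URIs extension instead of being hardcoded, and token details come from an RFC 7662 introspection response instead of from decoding the token. The sample CapabilityStatement fragment, the introspection response, the `example.invalid` URLs and the `tenant` field name are constructed assumptions; the real tenant field name comes from the server's introspection response.

```python
import json

# SMART on FHIR extension that carries the OAuth endpoints inside
# CapabilityStatement.rest[].security (a published, standard URL).
SMART_OAUTH_URIS = "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"

# Constructed CapabilityStatement fragment for illustration only.
SAMPLE_CAPABILITY_STATEMENT = json.dumps({
    "resourceType": "CapabilityStatement",
    "rest": [{
        "mode": "server",
        "security": {"extension": [{
            "url": SMART_OAUTH_URIS,
            "extension": [
                {"url": "authorize", "valueUri": "https://auth.example.invalid/authorize"},
                {"url": "token", "valueUri": "https://auth.example.invalid/token"},
                {"url": "introspect", "valueUri": "https://auth.example.invalid/introspect"},
            ],
        }]},
    }],
})

def discover_oauth_uris(capability_statement_json: str) -> dict:
    """Return {'authorize': ..., 'token': ..., 'introspect': ...} as advertised
    by the server right now, so a moved endpoint is picked up automatically."""
    doc = json.loads(capability_statement_json)
    for rest in doc.get("rest", []):
        for ext in rest.get("security", {}).get("extension", []):
            if ext.get("url") == SMART_OAUTH_URIS:
                return {e["url"]: e["valueUri"] for e in ext.get("extension", [])
                        if "valueUri" in e}
    raise ValueError("CapabilityStatement advertises no SMART OAuth URIs")

# Constructed RFC 7662 response, as returned by POSTing token=<access_token>
# to the discovered 'introspect' URI. 'tenant' is an assumed field name.
SAMPLE_INTROSPECTION = json.dumps({
    "active": True, "client_id": "app-client-id-placeholder",
    "scope": "patient/Patient.read patient/Observation.read",
    "exp": 1733000000, "tenant": "tenant-id-placeholder",
})

def token_details(introspection_json: str, now: int) -> dict:
    """Extract expiration, client id, tenant and scopes without touching the
    (now encrypted) token itself; inactive or expired tokens are flagged."""
    info = json.loads(introspection_json)
    usable = bool(info.get("active")) and info.get("exp", 0) > now
    return {"usable": usable, "expires_at": info.get("exp"),
            "client_id": info.get("client_id"), "tenant": info.get("tenant"),
            "scopes": info.get("scope", "").split()}
```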
How we can help: