I'm new to Cerner. I'm working to integrate our imaging analysis/capture and reporting tool. The goal is for a provider to be able to push a PDF report to a patient's record. I'm going to overshare a little in the hopes of providing some documentation to others that wasn't super obvious to me, and be guided on best practices.
After reading about the two sandboxes, I'm working in the secure sandbox. The public sandbox is read only and I need to write. Our app is an Electron desktop app, so I decided to integrate using the fhirclient library referenced in the code examples. I completed app registration as Application Type: Provider, Type of Access: Online, Application Privacy: Public, Products: Millennium, API Access: DocumentReference: Write and provided a redirect url that allows the browser to launch our desktop app via custom protocol handler. Our app is a desktop solution so I modeled it on the SMART standalone app. This is why we request the ‘launch/patient’ and ‘launch/encounter’ scope.
Using fhirclient to build the authorization request, I sent this:
https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/personas/provider/authorize/authorization-code?response_type=code&client_id=<MYCLIENTID>scope=launch%2Fencounter+launch%2Fpatient+profile+fhirUser+online_scope+patient%2FDocumentReference.write&redirect_uri=<MYURL>&aud=https%3A%2F%2Ffhir-ehr-code.cerner.com%2Fr4%2Fec2458f2-1e24-41c8-b71b-0e701af7583d&state=ZPI8JV9vI89doucw
While this document has patient logins, I was unable to find a provider login except on the old forum. There, folks mention portal/portal.
I arrive at the auth screen in my system's default browser and enter those creds. This kicks out a launch of our application via our custom protocol, yielding these args of interest:
error=access_denied
error_uri=https://authorization.cerner.com/errors/urn:cerner:error:authorization-server:oauth2:grant:missing-patient/instances/af1c3f87-6792-457b-9eb3-cc4ad59ccb92?persona=provider
I didn't get an opportunity to select a patient or an encounter. I need to get those so I can properly post the PDF report.
What's the best approach here?
Is it possible to set up a SMART App Launch in the secure sandbox? How does this get set up in production?
Our application typically works off the DICOM modality worklist and has access to patientid and accession number etc. there. Can/should I use that data to reliably resolve the patient and encounter?
Should we fall back to allowing folks to browse for patients and auto-reduce that list based on information that we have?
Thanks.
-s
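
The callback handling described in the post, as an added example that is not part of the original post: it checks the scheme and `state` of a redirect delivered through a custom protocol handler (which any local process or web page can invoke) before reading `code`, `error` or `error_uri`. The `myapp:` scheme, the callback shape and all function names are assumptions; the sample values are taken from the post.

```javascript
// Added example. "myapp:" and every function name here are hypothetical.
const AUTH_HOST = 'authorization.cerner.com'; // host of the error_uri quoted in the post

// Return the single value of a query parameter, or null if absent.
// Duplicated parameters are rejected instead of silently picking one.
function single(params, name) {
  const all = params.getAll(name);
  if (all.length > 1) throw new Error(`duplicate parameter: ${name}`);
  return all.length === 1 ? all[0] : null;
}

// Pull the URN path segment out of error_uri, but only when it is an
// https URL on AUTH_HOST; anything else is ignored rather than followed.
function errorUrn(errorUri) {
  if (!errorUri) return null;
  let u;
  try { u = new URL(errorUri); } catch { return null; }
  if (u.protocol !== 'https:' || u.hostname !== AUTH_HOST) return null;
  return u.pathname.split('/').find((s) => s.startsWith('urn:')) || null;
}

// Validate a redirect received via the custom protocol handler.
function parseCallback(callbackUrl, expectedState, scheme = 'myapp:') {
  const u = new URL(callbackUrl);
  if (u.protocol !== scheme) return { ok: false, reason: 'unexpected-scheme' };
  const p = u.searchParams;
  // state must match the value stored when the request was built.
  if (!expectedState || single(p, 'state') !== expectedState) {
    return { ok: false, reason: 'state-mismatch' };
  }
  const error = single(p, 'error');
  if (error) {
    const urn = errorUrn(single(p, 'error_uri'));
    return { ok: false, reason: 'authorization-error', error, urn };
  }
  const code = single(p, 'code');
  return code ? { ok: true, code } : { ok: false, reason: 'missing-code' };
}

// Constructed sample callback, built from the values quoted in the post.
const SAMPLE_STATE = 'ZPI8JV9vI89doucw';
const SAMPLE_CALLBACK = 'myapp://callback?' + new URLSearchParams({
  error: 'access_denied',
  error_uri: 'https://authorization.cerner.com/errors/urn:cerner:error:authorization-server:oauth2:grant:missing-patient/instances/af1c3f87-6792-457b-9eb3-cc4ad59ccb92?persona=provider',
  state: SAMPLE_STATE,
}).toString();
```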