We are pleased to announce that we now support SMART App Launch version 2.0.0 features. You can now select which version of the SMART App Launch specification that a newly registered application follows. Existing registered applications have been backfilled as version 1, therefore, a new registration will need to be submitted to leverage the new version 2.0.0 capabilities outlined below. We highly encourage application developers to use version 2.0.0 going forward.
See https://hl7.org/fhir/smart-app-launch/STU2/index.html for more information about version 2.0.0.
The current deployment supports the following key SMART App Launch version 2.0.0 features:
- Applications shall support Proof Key for Code Exchange (PKCE).
- Scope permissions are more specific as create, read, update, delete, and search.
Upcoming Features
Support for finer-grained resource constraints and POST-based authorization is coming later in the year.
For patient-facing applications, patients can optionally use search parameters to impose finer-grained resource constraints. The Oracle Health implementation of this feature is limited to the `category` search parameter for the Condition and Observation FHIR resources, for the categories listed in the HHS Assistant Secretary for Technology Policy and Office of the National Coordinator for Health IT’s (ASTP/ONC) HTI-1 Final Rule (https://www.federalregister.gov/d/2023-28857/p-1245).
For example, if your application requests patient/Condition.rs, it might receive patient/Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|health-concern in response, if the patient decides to limit your application's access to include only the Health Concerns category of Conditions.
Stay tuned for additional updates on the deployment of finer-grained resource constraints.