Finnish Implementation Guide for SMART App Launch
1.0.1-cibuild - ci-build
Finnish Implementation Guide for SMART App Launch, published by HL7 Finland ry. This guide is not an authorized publication; it is the continuous build for version 1.0.1-cibuild built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/fhir-fi/finnish-smart/ and changes regularly. See the Directory of published versions
Official URL: https://hl7.fi/fhir/finnish-smart/CapabilityStatement/fi-smart-server | Version: 1.0.1-cibuild | |||
Active as of 2023-11-09 | Computable Name: FiSmartServer |
This CapabilityStatement describes the basic rules for a server actor providing SMART App Launch in Finland.
Raw OpenAPI-Swagger Definition file | Download
Generated Narrative: CapabilityStatement fi-smart-server
json
, SHOULD support xml
application/json-patch+json
Note to Implementers: FHIR Capabilities
Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.
server
The server SHALL:
The server SHOULD:
This implementation guide relies heavily on the widely adopted SMART App Launch mechanism. This implementation guide does not define any new security mechanisms. Please familiarize yourself with the securty concepts infroduced in the SMART App Launch specification, and the underlying OpenID Connect and OAuth2 specifications the SMART App Launch specification build on.
- See the Best Practices outlined in the SMART App Launch specification.
- See the FHIR Security section of the FHIR specification for requirements and recommendations.
- A server SHALL reject any unauthorized requests by returning an HTTP
401 Unauthorized
,403 Forbidden
, or404 Not Found
response code.