How do you add the Smart on Fhir 'client-confidential-asymmetric' capability

Radu Purdea 0 Reputation points
2024-01-23T19:19:14.2266667+00:00

I have successfully followed the steps for Smart on Fhir in Azure Health Data services following this sample: https://github.com/Azure-Samples/azure-health-data-and-ai-samples/tree/main/samples/smartonfhir

This works fine and I was able to see the smart on fhir access tokens per system/resource scopes.

I am now trying to have a SMART backend service (https://build.fhir.org/ig/HL7/smart-app-launch/backend-services.html) do the same, using client_credentials grant_type to get an access token from a backend service without user interaction: https://www.hl7.org/fhir/smart-app-launch/backend-services.html#step-1-register

It asks that I register my app with an asymmetric key and add the 'client-confidential-asymmetric' capability for the FHIR service. How exactly is this done within Azure?

The /.well-known/smart-configuration url should return something like so: https://www.hl7.org/fhir/smart-app-launch/example-backend-services.html#step-2-discovery to be able to use a signed JWT access token to exchange for an actual Smart on Fhir access token.

Any guidance on this is greatly appreciated. Thank you.

Azure Health Data Services
An Azure offering that provides a suite of purpose-built technologies for protected health information in the cloud.

1 answer

  1. JananiRamesh-MSFT 22,626 Reputation points
    2024-01-29T18:36:32+00:00

    @Radu Purdea Thanks for reaching out. Please refer to this doc for creating an app registration: https://learn.microsoft.com/en-us/azure/healthcare-apis/register-application

    To fully support SMART on FHIR, we do need some additional Azure resources provisioned. There are some limitations with Microsoft Entra ID currently in that it does not support the syntax of SMART on FHIR scopes. We do have some documentation and a sample which goes over what is needed: azure-health-data-and-ai-samples/samples/patientandpopulationservices-smartonfhir-oncg10 at main · Azure-Samples/azure-health-data-and-ai-samples · GitHub. This is an involved process, and best done by someone familiar with Azure and Entra ID.

    The above mentioned is designed to meet not only SMART on FHIR, but also g(10) certification. So, it may be slightly more than your needs.  

    Note: we do not currently support "write" scopes in SMART. It is read-only support at the moment.

    Also, we have recently released support for B2C, which does use SMART on FHIR scopes, but doesn't yet fully support all aspects of SMART: Use Azure Active Directory B2C to grant access to the FHIR service in Azure Health Data Services | Microsoft Learn

    Do let me know in case of further queries, I would be happy to assist you.
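
Added example (not part of the question, the answer, or the Azure samples): a check of a `/.well-known/smart-configuration` document for the fields the SMART Backend Services flow in the question depends on, plus the claims of the client assertion JWT. The discovery documents, client id and `example.org` URLs are constructed for illustration, and signing with the registered private key is left to a JWT library.

```python
import time
import uuid

# Fields a discovery document must advertise before a backend service can
# authenticate with a signed JWT (per the SMART Backend Services spec).
REQUIRED = {
    "capabilities": "client-confidential-asymmetric",
    "grant_types_supported": "client_credentials",
    "token_endpoint_auth_methods_supported": "private_key_jwt",
}
SMART_ALGS = {"RS384", "ES384"}  # signing algorithms named by the SMART spec


def backend_services_gaps(config):
    """Return the reasons this discovery document cannot support the flow."""
    gaps = []
    if not str(config.get("token_endpoint", "")).startswith("https://"):
        gaps.append("token_endpoint missing or not https")
    for field, value in REQUIRED.items():
        if value not in config.get(field, []):
            gaps.append(f"{field} lacks {value}")
    algs = set(config.get("token_endpoint_auth_signing_alg_values_supported", []))
    if not algs & SMART_ALGS:
        gaps.append("no RS384/ES384 signing algorithm advertised")
    return gaps


def assertion_claims(client_id, token_endpoint, now=None):
    """Claims of the client assertion JWT sent with grant_type=client_credentials."""
    now = int(time.time()) if now is None else now
    return {
        "iss": client_id,          # iss and sub are both the client_id
        "sub": client_id,
        "aud": token_endpoint,     # the token endpoint URL from discovery
        "exp": now + 300,          # at most five minutes in the future
        "jti": str(uuid.uuid4()),  # unique per request, limits replay
    }


# Constructed discovery documents, not output from any real server.
SUPPORTED = {
    "token_endpoint": "https://auth.example.org/token",
    "capabilities": ["client-confidential-asymmetric", "permission-v2"],
    "grant_types_supported": ["client_credentials"],
    "token_endpoint_auth_methods_supported": ["private_key_jwt"],
    "token_endpoint_auth_signing_alg_values_supported": ["RS384", "ES384"],
}
USER_FLOW_ONLY = {
    "token_endpoint": "https://auth.example.org/token",
    "capabilities": ["launch-standalone", "client-public"],
    "grant_types_supported": ["authorization_code"],
}
```

An empty list from `backend_services_gaps` means the server advertises what the flow needs; any entry names the field to raise with the server operator before debugging token requests.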