SMART App Launch v2.2

Launch your app against the platform.

Enter your app's launch URL, choose scopes and a patient. The sandbox acts as the EHR — constructing the real SMART EHR Launch URL your app receives, with iss and launch parameters.

Your application

App Launch URL (required)

The URL where your SMART app receives the EHR launch

Client ID

Registered client in the sandbox Auth Server

Launch type

Patient context

Requested scopes

Resolved scope string

launch openid fhirUser patient/Patient.rs patient/Observation.rs

What this does

The full SMART EHR launch flow

Real PKCE + OAuth 2.0 flow

The launch URL carries a real launch opaque token and iss parameter. Your app exchanges these at auth.sandbox.ajfhir.org using PKCE S256.

Scope enforcement on every request

The RS256 JWT your app receives has a scope claim. SmartScopeInterceptor validates it against every FHIR request — try removing a scope to see a 403.

Patient context binding

The access token contains patient as a SMART v2.2 top-level claim. P. Kumar's Observations, Consent, and referral Task are all pre-seeded and queryable.

ATNA audit event written

Every launch writes a FHIR AuditEvent to the sandbox. Open the Scenarios page audit trail to see your launch event alongside the clinical session events.