In order to use access control you need an Identity Provider that can provide OAuth2 tokens with claims that conform to SMART on FHIR. In a production scenario, you typically already have such an identity provider. It could be the EHR system, the Active Directory, or a provider set up specifically for, say, a Patient Portal. It is also quite possible that the provider handing out the correct claims uses a federated OAuth2 provider to do the authentication.
Creating SMART on FHIR conformant tokens and handling all protocol details related to a SMART app launch requires dedicated support which generic authorization servers do not offer. Firely provides Firely Auth, an external authorization service optimized for SMART on FHIR.
Firely Auth is licensed separately from the core Firely Server distribution. Please contact Firely to get the license.
Your license already permits the usage of Firely Auth if it contains http://fire.ly/server/auth. You can also try out Firely Auth using an evaluation license with a limited uptime.
To allow you to test access control, we provide instructions to build and run Firely Auth, in which you can configure the necessary clients, claims and users yourself to test different scenarios.