This specific fork of the project is intended to further expand on implementing the FHIR Smart App Launch inside a legacy desktop application (on Windows).
These types of systems are typically rich or fat clients that connect directly to a database, or perhaps through web services. This project is not intended to demonstrate how to create a FHIR Facade onto your existing system; there are other projects that do that. In this Smart Facade project, I leverage the fhir-net-web-api (NuGet package) to implement the FHIR server, so if you've already used that project, this will add in the Smart App launch capability quickly.
This demo showcases Smart Health IT's Pediatric Growth Application, a web application using the SMART on FHIR specification to access data from the EHR.
The demo consists of four components:
- FHIR Server hosted in Azure - https://smart-fhir-api.azurewebsites.net/
- OAuth Server hosted in Azure - https://smart-auth.azurewebsites.net/.well-known/openid-configuration
- SMART on FHIR compliant web application - http://examples.smarthealthit.org/growth-chart-app/
- EHR Desktop application - which will be run by you on your desktop
Note: Step 4 and step 7 might take some time to execute if the web apps are cold started.
1. Set both Solution Platform and Platform Target in Visual Studio to x86 for the EHRApp project. This step is required because we use the CefSharp browser component.
2. Start EHRApp
3. Select File -> Open -> Patient
4. In the Find who text field enter: Susan
5. Select Susan Clark with Patient Id smart-1482713, click the button Open
6. Susan Clark's Patient form is open and the EHR context is Susan Clark
7. Select Tools -> Pediatric Growth Application.
8. If a consent screen pops up, let the defaults be and press the button "Yes, allow". This will authorize the Pediatric Growth Application to access "your" data
9. You have now started a web app which is running in the context of your EHR authorized by your EHR system to use your data
- Each launch of a SMART application for a patient will have its own Launch Context, FHIR Facade instance, and Authentication API instance
- API instances aren't exposed to the HTTP layer, so there is no attack surface open outside the Legacy Application
- The CefSharp component provides the modern browser experience, without external dependencies
- The example proxy that forwards requests to the external server is not subject to browser CORS checks, because the proxy calls the remote API directly rather than through the browser
There are several things that your application will need to
CORS is implemented to only permit access to its facade by pages in the registered web app's domain (or others specifically registered for it)
Legacy EHR App
- Implementation of the Facade Model (System and Resource)
- Provide the User/Patient Context on App Launch
- Implement the Auth Verification - providing the User Identity Token
(CORS AuthProtocolHandler/SmartApplicationDetails) https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1#host-filtering
CefSharp documentation https://github.com/cefsharp/CefSharp/wiki/General-Usage#handlers
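
The CORS rule stated above (the facade is reachable only from pages in the registered web app's domain) can be sketched as follows. This is an added example, not code from this project: `FacadeOriginPolicy` and its members are hypothetical names, and it assumes the request's `Origin` header is available to whatever handler answers facade requests. Origins are compared exactly, so a lookalike host that merely contains the registered domain is refused.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not from the project): exact-match origin allow-list for the facade.
public sealed class FacadeOriginPolicy
{
    private readonly HashSet<string> _allowed = new HashSet<string>(StringComparer.Ordinal);

    // registeredUrls: launch URLs of the registered SMART apps (any path is ignored).
    public FacadeOriginPolicy(IEnumerable<string> registeredUrls)
    {
        foreach (var url in registeredUrls)
            if (TryGetOrigin(url, out var origin)) _allowed.Add(origin);
    }

    // Reduces a URL to "scheme://host:port" so default and explicit ports compare equal.
    private static bool TryGetOrigin(string value, out string origin)
    {
        origin = null;
        if (!Uri.TryCreate(value, UriKind.Absolute, out var uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;
        if (uri.UserInfo.Length > 0) return false; // reject user@host forms
        origin = uri.Scheme + "://" + uri.Host.ToLowerInvariant() + ":" + uri.Port;
        return true;
    }

    // Returns the value to send as Access-Control-Allow-Origin, or null to omit the header.
    public string AllowOriginFor(string originHeader)
    {
        // Missing headers, opaque origins ("null") and values carrying a path are refused.
        if (string.IsNullOrEmpty(originHeader)) return null;
        if (!TryGetOrigin(originHeader, out var origin)) return null;
        if (new Uri(originHeader).PathAndQuery != "/") return null;
        return _allowed.Contains(origin) ? originHeader : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Registered app URL taken from this page; the Origin values below are constructed samples.
        var policy = new FacadeOriginPolicy(new[] { "http://examples.smarthealthit.org/growth-chart-app/" });
        foreach (var o in new[] { "http://examples.smarthealthit.org", "https://examples.smarthealthit.org",
                                  "http://examples.smarthealthit.org.attacker.example", "null" })
            Console.WriteLine(o + " -> " + (policy.AllowOriginFor(o) ?? "(no CORS header)"));
    }
}
```

Only the first sample origin is echoed back; the scheme mismatch, the lookalike host and the opaque `null` origin all get no CORS header.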