Comments (5)
Sent the following email to CVS Health and Epic:
CVS Health FHIR endpoint does not correctly implement Smart-on-Fhir (Redirect to Logout)
Hi,
I'm trying to connect to the CVS Health (Org ID: 1829) R4 FHIR Endpoint. However the OAuth flow is not working correctly. Unlike other organizations using Epic/MyChart, visiting the CVS OAuth2 authorize page will start a series of redirects that seems to reset/logout the oauth session and ends with the patient portal login page, at which point there is no prompt to provide permissions/access to my 3rd party application.
Here's the redirect order that I was able to determine:
https://retailepicfhir.cvshealth.com/FhirProxy/oauth2/authorize?redirect_uri=https%3A%2F%2Flighthouse.fastenhealth.com%2Fv1%2Fcallback%2Fepic&response_type=code&response_mode=fragment&state=XXXXXXXXXX&client_id=ZZZZZZZZZZZZZZZZZ&scope=fhirUser+openid+profile&aud=https%3A%2F%2Fretailepicfhir.cvshealth.com%2FFhirProxy%2Fapi%2Ffhir%2FR4&code_challenge=XXXXXXXXXX&code_challenge_method=S256
https://mychart.minuteclinic.com/MyChartPRD/Authentication/OAuth/Start?org=&redirect_uri=https%3A%2F%2Flighthouse.fastenhealth.com%2Fv1%2Fcallback%2Fepic&response_type=code&response_mode=fragment&state=XXXXXXXXXX&client_id=ZZZZZZZZZZZZZZZZZ&scope=fhirUser+openid+profile&aud=https%3A%2F%2Fretailepicfhir.cvshealth.com%2FFhirProxy%2Fapi%2Ffhir%2FR4&code_challenge=XXXXXXXXXX&code_challenge_method=S256
https://mychart.minuteclinic.com/MyChartPRD/Home/LogOut?postlogoutmode=oauthlogin&skipAbandonCurrent=1
https://mychart.minuteclinic.com/MyChartPRD/bye.asp?postlogoutmode=oauthlogin&skipAbandonCurrent=1&hideText=1
https://mychart.minuteclinic.com/MyChartPRD/default.asp?action=logout&mode=oauthlogin&liteMode=true
https://mychart.minuteclinic.com/MyChartPRD/Authentication/Login?action=logout&mode=oauthlogin&liteMode=true
I'll update once I hear back from them.
from fasten-onprem.
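An added diagnostic example (not part of the original comment or of Fasten's code) that walks the redirect chain reported above and finds the first hop whose URL no longer carries the OAuth authorization parameters. It inspects URLs only; whether the server keeps the authorization request in a session is an assumption it cannot check, and the function and variable names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Parameters taken from the authorize URL in the report above.
OAUTH_PARAMS = ("client_id", "redirect_uri", "state", "code_challenge", "response_type")

# Redirect chain as reported, with the report's placeholder values unchanged.
QUERY = ("redirect_uri=https%3A%2F%2Flighthouse.fastenhealth.com%2Fv1%2Fcallback%2Fepic"
         "&response_type=code&response_mode=fragment&state=XXXXXXXXXX"
         "&client_id=ZZZZZZZZZZZZZZZZZ&scope=fhirUser+openid+profile"
         "&aud=https%3A%2F%2Fretailepicfhir.cvshealth.com%2FFhirProxy%2Fapi%2Ffhir%2FR4"
         "&code_challenge=XXXXXXXXXX&code_challenge_method=S256")
MYCHART = "https://mychart.minuteclinic.com/MyChartPRD"
CHAIN = [
    "https://retailepicfhir.cvshealth.com/FhirProxy/oauth2/authorize?" + QUERY,
    MYCHART + "/Authentication/OAuth/Start?org=&" + QUERY,
    MYCHART + "/Home/LogOut?postlogoutmode=oauthlogin&skipAbandonCurrent=1",
    MYCHART + "/bye.asp?postlogoutmode=oauthlogin&skipAbandonCurrent=1&hideText=1",
    MYCHART + "/default.asp?action=logout&mode=oauthlogin&liteMode=true",
    MYCHART + "/Authentication/Login?action=logout&mode=oauthlogin&liteMode=true",
]

def analyze_chain(urls):
    """Per hop: which OAuth parameters the URL carries and whether it looks like a logout."""
    report = []
    for hop, url in enumerate(urls, 1):
        parts = urlsplit(url)
        query = parse_qs(parts.query)  # blank values such as "org=" are dropped
        report.append({
            "hop": hop,
            "host": parts.hostname,
            "path": parts.path,
            "oauth_params": [p for p in OAUTH_PARAMS if p in query],
            "state": query.get("state", [None])[0],
            "logout": "logout" in parts.path.lower() or query.get("action") == ["logout"],
        })
    return report

def first_context_loss(urls):
    """1-based hop where the OAuth parameters first vanish from the URL, or None."""
    seen = False
    for entry in analyze_chain(urls):
        if entry["oauth_params"]:
            seen = True
        elif seen:
            return entry["hop"]
    return None

if __name__ == "__main__":
    for entry in analyze_chain(CHAIN):
        print(entry["hop"], entry["path"], entry["oauth_params"], "logout" if entry["logout"] else "")
    print("OAuth parameters leave the URL at hop", first_context_loss(CHAIN))
```
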
Same.
https://open.epic.com/MyApps/Endpoints
shows this endpoint
https://retailepicfhir.cvshealth.com/FhirProxy/api/FHIR/DSTU2/
but the open smart vaccine card initiative at
https://github.com/the-commons-project/vci-directory/blob/main/vci-issuers.json
has this for CVS
https://retailepicfhir-uat.cvshealth.com/FhirProxyTST/api/epic/2021/Security/Open/EcKeys/32001/SHC
Notice the -uat in the hostname. Preprod if you do systems architecture stuff. The TST in FhirProxyTST is also interesting.
Finally, I'm sure this is also useful
https://developer.cvshealth.com/apis
from fasten-onprem.
Thank you for updating this. If you get this working, I think there would be value in adding CVS' vaccine card and lab test result API as a unique provider in fasten (URL listed in my comment), assuming they host that API separately and haven't just moved everything over there. Not sure if they serve up the QR codes via the API or if fasten would need to generate one from the JSON data returned.
from fasten-onprem.
Yeah, the Smart Vaccine Cards are a feature that I'd like to support with Fasten as well. Currently immunization & vaccination information is available in the Patient Profile page (not in Smart Vaccine Card format however).
from fasten-onprem.
CVS/MinuteClinic integration is working correctly now.
from fasten-onprem.