SSO
Single Sign-on (SSO) allows applications on the Redox network to securely connect to other applications and share the login context for a user. The most common use case is a provider in an EHR launching an integrated application, and being automatically logged in, as well as passing context such as which patient and visit are open.
This is the body of the JSON web token. Redox will use HMAC SHA256 as the hash algorithm.
The token will be sent in the Authorization header as a bearer token.
Authorization: Bearer <token>
Fields
iss: String (Reliable, Required)
Issuer. This will be the source responsible for the assertion.

sub: String (Reliable, Required)
Subject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client. The sub value is a case-sensitive string.

aud: String (Reliable, Required)
Audience(s) that this token is intended for. This will be your SSO destination.

exp: Number (Reliable, Required)
Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.

iat: Number (Reliable, Required)
Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.

name: String (Probable)
End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

given_name: String (Probable)
Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

family_name: String (Probable)
Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

middle_name: String (Probable)
Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.

email: String (Probable)
End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.

npi: String (Probable)
End-User's NPI number. Note that not all providers will have an NPI number.

zoneinfo: String (Probable)
String from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.

locale: String (Probable)
End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.

phone_number: String (Probable)
End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.

patient_ids[]: Array (Probable)
An array of identifiers for the patient. Not all SSO sessions will have a Patient context attached.

patient_ids[].id: String (Probable)
The identifier.

patient_ids[].id_type: String (Probable)
The type of the identifier. For example, MRN.

visit_id: String (Probable)
An identifier indicating the current visit that the SSO context is happening in.

facility_id: String (Probable)
The facility that the user is currently logged in to. Facility represents different physical locations of a health system, for example Main Hospital vs. Diabetes Clinic.

department_id: String (Probable)
The department where the user is currently logged in. A facility can contain multiple departments. For example, a hospital may have a physical therapy department and a radiology department.

{
  "iss": "7ce6f387-c33c-417d-8682-81e83628cbd9",
  "sub": "https://healtsystem.com/provider/4356789876",
  "aud": "af394f14-b34a-464f-8d24-895f370af4c9",
  "exp": 1575566836,
  "iat": 1575565936,
  "name": "Pat Granite MD",
  "given_name": "Pat",
  "family_name": "Granite",
  "middle_name": null,
  "email": null,
  "npi": "4356789876",
  "zoneinfo": "America/Chicago",
  "locale": "en-US",
  "phone_number": "+16085551234",
  "patient_ids": [
    {
      "id": "0000000001",
      "id_type": "MR"
    },
    {
      "id": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
      "id_type": "EHRID"
    },
    {
      "id": "a1d4ee8aba494ca",
      "id_type": "NIST"
    }
  ],
  "visit_id": null,
  "facility_id": "RES General Hospital",
  "department_id": "3N"
}
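
How a receiving application might check this bearer token before trusting its claims, as an added example that is not Redox's code. It assumes the HMAC key is a shared secret provisioned out of band (the page does not say how); verify_sso_header, make_token, DEMO_SECRET and the 60-second skew are hypothetical, and the claim values come from the sample body above.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("iss", "sub", "aud", "exp", "iat")  # claims the page marks Required
DEMO_SECRET = b"constructed-demo-secret"        # assumption: shared HMAC secret
DEMO_CLAIMS = {                                 # values from the page's sample body
    "iss": "7ce6f387-c33c-417d-8682-81e83628cbd9",
    "sub": "https://healtsystem.com/provider/4356789876",
    "aud": "af394f14-b34a-464f-8d24-895f370af4c9",
    "exp": 1575566836, "iat": 1575565936,
}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret, alg="HS256"):
    """Constructed sender side, used only to produce test input."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify_sso_header(authorization, secret, destination_id, now=None, skew=60):
    """Return the claims, or raise ValueError if the token must not be accepted."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("expected 'Bearer <token>' carrying a three-part JWT")
    head, body, sig = token.split(".")
    header = json.loads(_b64d(head))
    # Pin the algorithm: never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("alg must be HS256")
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _b64d(sig)):   # constant-time comparison
        raise ValueError("signature mismatch")
    claims = json.loads(_b64d(body))                # parsed only after the MAC checks out
    if not isinstance(claims, dict) or any(claims.get(c) is None for c in REQUIRED):
        raise ValueError("missing required claim")
    if not all(type(claims[c]) in (int, float) for c in ("exp", "iat")):
        raise ValueError("exp and iat must be JSON numbers")
    now = time.time() if now is None else now
    if now >= claims["exp"]:                        # now MUST be before exp
        raise ValueError("token expired")
    if claims["iat"] > now + skew:                  # assumption: 60 s clock skew
        raise ValueError("iat is in the future")
    aud = claims["aud"]
    if destination_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud is not this destination")
    return claims
```

The optional claims (patient_ids, visit_id and so on) may be null or absent, so read them with a default after this check passes.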
This information is sent in the body of the POST request. It provides a mapping between existing Redox sources and destinations, as well as the claims in the JSON web token in a Redox Data Model Format.
Fields
Meta.DataModel: String (Reliable, Required)
Data model. E.g. Scheduling, Results

Meta.EventType: String (Reliable, Required)
Type of event. E.g. New, Update

Meta.EventDateTime: DateTime (Reliable)
DateTime of the event. ISO 8601 Format

Meta.Test: Boolean (Reliable)
Flag as a test message

Meta.Source: String (Reliable)
Where the message originated. Included in messages from Redox

Meta.Source.ID: String (Reliable)
ID of the source. UUID

Meta.Source.Name: String (Reliable)
Name of the source

Meta.Destinations[]: Array of Objects (Reliable)
List of destinations to send your message to. All messages must have at least one destination. Queries accept only one destination. Required when sending data to Redox

Meta.Destinations[].ID: String (Reliable)
ID of the destination. UUID

Meta.Destinations[].Name: String (Reliable)
Name of the destination

Subject: String (Reliable, Required)
Subject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client. The Subject value is a case-sensitive string.

Expiration: Number (Reliable, Required)
Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.

IssuedAt: Number (Reliable, Required)
Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.

UserId: String (Possible)
End-User's user identification, the logical entity used to identify a user on a software, system, or website.

Name: String (Probable)
End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

FirstName: String (Probable)
Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

LastName: String (Probable)
Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

MiddleName: String (Probable)
Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.

EmailAddress: String (Probable)
End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.

NPI: String (Probable)
End-User's NPI number. Note that not all providers will have an NPI number.

ProviderSpecialty: String (Possible)
The provider specialty. Note that not all providers will have a specialty.

TimeZone: String (Probable)
String from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.

Locale: String (Probable)
End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.

PhoneNumber.Office: String (Probable)
End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.

Patient.Identifiers[]: Array (Probable)
An array of identifiers for the patient. Not all SSO sessions will have a Patient context attached.

Patient.Identifiers[].ID: String (Probable)
The identifier.

Patient.Identifiers[].IDType: String (Probable)
The type of the identifier. For example, MRN.

Patient.Demographics.FirstName: String (Probable)
First Name of the Patient

Patient.Demographics.LastName: String (Probable)
Last Name of the Patient

Patient.Demographics.MiddleName: String (Probable)
Middle Name of the Patient

Patient.Demographics.DOB: String (Probable)
Date of birth of the Patient

Patient.Demographics.Sex: String (Probable)
Patient's Sex

Patient.Demographics.PhoneNumber.Home: String (Probable)
Patient's home phone number. In E.164 format (e.g. +16085551234).

Patient.Demographics.PhoneNumber.Office: String (Probable)
Patient's office phone number. In E.164 format (e.g. +16085551234).

Patient.Demographics.PhoneNumber.Mobile: String (Probable)
Patient's mobile phone number. In E.164 format (e.g. +16085551234).

Patient.Demographics.Address: Object (Probable)
Patient's home address

Patient.Demographics.Address.StreetAddress: String (Probable)
Street address

Patient.Demographics.Address.City: String (Probable)
City

Patient.Demographics.Address.State: String (Probable)
State

Patient.Demographics.Address.ZIP: String (Probable)
ZIP

Patient.Demographics.Address.County: String (Possible)
County

Patient.Demographics.Address.Country: String (Possible)
Country

Visit.VisitNumber: String (Reliable)
Number for the visit

Visit.Location: Object (Probable)
Location of the visit.

Visit.Location.Type: String (Probable)
Type of location. Examples: Clinic, Department, Home, Nursing Unit, Provider's Office, Phone

Visit.Location.Facility: String (Probable)
Facility. Example: Community Hospital

Visit.Location.Department: String (Probable)
Department

Visit.Location.Room: String (Probable)
Room. Example: 136

Order.ID: String (Possible)
ID of the order assigned by the placing system

{
  "Meta": {
    "DataModel": "SSO",
    "EventType": "Sign-on",
    "EventDateTime": "2017-11-02T20:37:41.634Z",
    "Test": true,
    "Source": {
      "ID": "7ce6f387-c33c-417d-8682-81e83628cbd9",
      "Name": "Redox Dev Tools"
    },
    "Destinations": [
      {
        "ID": "af394f14-b34a-464f-8d24-895f370af4c9",
        "Name": "Redox EMR"
      }
    ]
  },
  "Subject": "https://healtsystem.com/provider/4356789876",
  "Expiration": "2019-12-05T17:27:16.454Z",
  "IssuedAt": "2019-12-05T17:12:16.454Z",
  "UserId": null,
  "Name": "Pat Granite MD",
  "FirstName": "Pat",
  "LastName": "Granite",
  "MiddleName": null,
  "EmailAddress": null,
  "NPI": "4356789876",
  "ProviderSpecialty": null,
  "TimeZone": "America/Chicago",
  "Locale": "en-US",
  "PhoneNumber": {
    "Office": "+16085551234"
  },
  "Patient": {
    "Identifiers": [
      {
        "ID": "0000000001",
        "IDType": "MR"
      },
      {
        "ID": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
        "IDType": "EHRID"
      },
      {
        "ID": "a1d4ee8aba494ca",
        "IDType": "NIST"
      }
    ],
    "Demographics": {
      "FirstName": "Timothy",
      "LastName": "Bixby",
      "MiddleName": "Paul",
      "DOB": "2008-01-06",
      "Sex": "Male",
      "PhoneNumber": {
        "Home": "+18088675301",
        "Office": null,
        "Mobile": null
      },
      "Address": {
        "StreetAddress": "4762 Hickory Street",
        "City": "Monroe",
        "State": "WI",
        "ZIP": "53566",
        "County": "Green",
        "Country": "US"
      }
    }
  },
  "Visit": {
    "VisitNumber": null,
    "Location": {
      "Type": "Inpatient",
      "Facility": "RES General Hospital",
      "Department": "3N",
      "Room": "136"
    }
  },
  "Order": {
    "ID": null
  }
}