SSO
Single Sign-on (SSO) allows applications on the Redox network to securely connect to other applications and share the login context for a user. The most common use case is a provider in an EHR launching an integrated application, and being automatically logged in, as well as passing context such as which patient and visit are open.
This is body of the JSON web token. Redox will use HMAC SHA256 as the hash algorithm.
The token will be sent in the Authorization header as a bearer token.
Authorization: Bearer <token>
Fields
iss
issString
ReliableRequiredIssuer. This will be the source responsible for the assertion.
sub
subString
ReliableRequiredSubject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client.
Thesubvalue is a case sensitive string.
aud
audString
ReliableRequiredAudience(s) that this token is intended for. This will be your SSO destination.
exp
expNumber
ReliableRequiredExpiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
iat
iatNumber
ReliableRequiredTime at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
name
nameString
ProbableEnd-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
given_name
given_nameString
ProbableGiven name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
family_name
family_nameString
ProbableSurname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
middle_name
middle_nameString
ProbableMiddle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
email
emailString
ProbableEnd-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.
npi
npiString
ProbableEnd-User's NPI number. Note that not all providers will have an NPI number.
zoneinfo
zoneinfoString
ProbableString from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
locale
localeString
ProbableEnd-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
phone_number
phone_numberString
ProbableEnd-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
patient_ids
patient_ids[]Array
ProbableAn array of identifiers for the patient.
Not all SSO sessions will have a Patient context attached.
patient_ids[].idString
ProbableThe identifier.
patient_ids[].id_typeString
ProbableThe type of the indentifier.
For example, MRN.
visit_id
visit_idString
ProbableAn indentifier indicating the current visit that the SSO context is happening in.
facility_id
facility_idString
ProbableThe facility that the user is currently logged in to.
Facility represents different physical locations of a health system, for example Main Hospital vs. Diabetes Clinic.
department_id
department_idString
ProbableThe department where the user is currently logged in.
A facility can contain multiple departments. For example, a hospital may have a physical therapy department and a radiology department.
{
"iss": "7ce6f387-c33c-417d-8682-81e83628cbd9",
"sub": "https://healtsystem.com/provider/4356789876",
"aud": "af394f14-b34a-464f-8d24-895f370af4c9",
"exp": 1564777463,
"iat": 1564776563,
"name": "Pat Granite MD",
"given_name": "Pat",
"family_name": "Granite",
"middle_name": null,
"email": null,
"npi": "4356789876",
"zoneinfo": "America/Chicago",
"locale": "en-US",
"phone_number": "+16085551234",
"patient_ids": [
{
"id": "0000000001",
"id_type": "MR"
},
{
"id": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
"id_type": "EHRID"
},
{
"id": "a1d4ee8aba494ca",
"id_type": "NIST"
}
],
"visit_id": null,
"facility_id": "RES General Hospital",
"department_id": "3N"
}This information is sent in the body of the
POSTrequest. It provides a mapping between existing Redox sources and destinations, as well as the claims in the JSON web token in a Redox Data Model Format.
Fields
Meta
Meta.DataModelString
ReliableRequiredData model.
E.g. Scheduling, Results
Meta.EventTypeString
ReliableRequiredType of event.
E.g. New, Update
Meta.EventDateTimeDateTime
ReliableDateTime of the event.
ISO 8601 Format
Meta.TestBoolean
ReliableFlag as a test message
Meta.SourceString
ReliableWhere the message originated.
Included in messages from Redox
Meta.Source.IDString
ReliableID of the source.
UUID
Meta.Source.NameString
ReliableName of the source
Meta.Destinations[]Array of Objects
ReliableList of destinations to send your message to. All messages must have at least one destination. Queries accept only one destination.
Required when sending data to Redox
Meta.Destinations[].IDString
ReliableID of the destination.
UUID
Meta.Destinations[].NameString
ReliableName of the destination
Subject
SubjectString
ReliableRequiredSubject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client.
TheSubjectvalue is a case sensitive string.
Expiration
ExpirationNumber
ReliableRequiredExpiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
IssuedAt
IssuedAtNumber
ReliableRequiredTime at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
Name
NameString
ProbableEnd-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
FirstName
FirstNameString
ProbableGiven name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
LastName
LastNameString
ProbableSurname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
MiddleName
MiddleNameString
ProbableMiddle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
EmailAddress
EmailAddressString
ProbableEnd-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.
NPI
NPIString
ProbableEnd-User's NPI number. Note that not all providers will have an NPI number.
TimeZone
TimeZoneString
ProbableString from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
Locale
LocaleString
ProbableEnd-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
PhoneNumber
PhoneNumber.OfficeString
ProbableEnd-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
Patient
Patient.Identifiers[]Array
ProbableAn array of identifiers for the patient.
Not all SSO sessions will have a Patient context attached.
Patient.Identifiers[].IDString
ProbableThe identifier.
Patient.Identifiers[].IDTypeString
ProbableThe type of the indentifier.
For example, MRN.
Patient.Demographics.FirstNameString
ProbableFirst Name of the Patient
Patient.Demographics.LastNameString
ProbableLast Name of the Patient
Patient.Demographics.MiddleNameString
ProbableMiddle Name of the Patient
Patient.Demographics.DOBString
ProbableDate of birth of the Patient
Patient.Demographics.SexString
ProbablePatient's Sex
Visit
Visit.VisitNumberString
ReliableNumber for the visit
Visit.LocationObject
ProbableLocation of the visit.
Visit.Location.TypeString
ProbableType of location.
Examples: Clinic, Department, Home, Nursing Unit, Provider's Office, Phone
Visit.Location.FacilityString
ProbableFacility.
Example: Community Hospital
Visit.Location.DepartmentString
ProbableDepartment
Visit.Location.RoomString
ProbableRoom.
Example: 136
{
"Meta": {
"DataModel": "SSO",
"EventType": "Sign-on",
"EventDateTime": "2017-11-02T20:37:41.634Z",
"Test": true,
"Source": {
"ID": "7ce6f387-c33c-417d-8682-81e83628cbd9",
"Name": "Redox Dev Tools"
},
"Destinations": [
{
"ID": "af394f14-b34a-464f-8d24-895f370af4c9",
"Name": "Redox EMR"
}
]
},
"Subject": "https://healtsystem.com/provider/4356789876",
"Expiration": "2019-08-02T20:24:23.418Z",
"IssuedAt": "2019-08-02T20:09:23.418Z",
"Name": "Pat Granite MD",
"FirstName": "Pat",
"LastName": "Granite",
"MiddleName": null,
"EmailAddress": null,
"NPI": "4356789876",
"TimeZone": "America/Chicago",
"Locale": "en-US",
"PhoneNumber": {
"Office": "+16085551234"
},
"Patient": {
"Identifiers": [
{
"ID": "0000000001",
"IDType": "MR"
},
{
"ID": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
"IDType": "EHRID"
},
{
"ID": "a1d4ee8aba494ca",
"IDType": "NIST"
}
],
"Demographics": {
"FirstName": "Timothy",
"LastName": "Bixby",
"MiddleName": "Paul",
"DOB": "2008-01-06",
"Sex": "Male"
}
},
"Visit": {
"VisitNumber": null,
"Location": {
"Type": "Inpatient",
"Facility": "RES General Hospital",
"Department": "3N",
"Room": "136"
}
}
}