Session Behavior

The Patient Chart Viewer retrieves and displays clinical data in real time during an active SMART on FHIR session. Understanding how sessions work—including how they begin, how long they remain valid, and how scopes influence data access—helps you maintain secure, reliable workflows.

Session Lifecycle

A viewer session starts after a successful SMART on FHIR launch and token exchange. The session remains active as long as the access token is valid and the browser tab stays open. No data is stored locally or persisted between sessions.

  • A session begins when the viewer is launched with a valid access token
  • The viewer retrieves data dynamically during the session and does not store it
  • Refreshing or closing the browser tab ends the session and requires a new launch
  • If the token expires mid-session, the viewer attempts a silent refresh if a refresh token is present; otherwise, the session ends

Access Scope Enforcement

Access to patient data is governed by the OAuth 2.0 scopes granted during the SMART on FHIR authorization process. These scopes determine what data types are available and whether access is patient-scoped or user-based.

  • The patient/*.* scope enables access to resources for the patient specified in the launch context
  • The user/*.* scope applies role-based access controls based on the authenticated user
  • Only FHIR resources permitted by the granted scopes are visible in the viewer
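The scope rules above can be expressed as a small check. This is an added example, not the viewer's own code: it assumes the granted scopes arrive as the space-separated scope string of the token response, the function names are hypothetical, and it goes beyond the two wildcard scopes listed here to cover per-resource SMART v1 scopes such as patient/Observation.read.

```javascript
// Added example: SMART v1 scope check (hypothetical helpers, not the viewer's code).
// Scope syntax: <context>/<resourceType|*>.<read|write|*>
const SCOPE_RE = /^(patient|user)\/(\*|[A-Za-z]+)\.(read|write|\*)$/;

// Parse a space-separated OAuth scope string into structured resource scopes.
// Non-resource scopes (openid, launch, offline_access) and malformed entries
// are dropped, so anything unrecognised grants nothing (fail closed).
function parseScopes(scopeString) {
  return String(scopeString || "")
    .split(/\s+/)
    .map((s) => SCOPE_RE.exec(s))
    .filter(Boolean)
    .map(([, context, resource, permission]) => ({ context, resource, permission }));
}

// Return the contexts ("patient", "user") under which `action` on
// `resourceType` is granted. An empty array means: do not request or show it.
function grantedContexts(scopeString, resourceType, action) {
  const contexts = new Set();
  for (const s of parseScopes(scopeString)) {
    const resourceOk = s.resource === "*" || s.resource === resourceType;
    const actionOk = s.permission === "*" || s.permission === action;
    if (resourceOk && actionOk) contexts.add(s.context);
  }
  return [...contexts].sort();
}

// Reduce a list of candidate resource types to those the session may read.
function visibleResourceTypes(scopeString, candidates) {
  return candidates.filter((t) => grantedContexts(scopeString, t, "read").length > 0);
}

// Constructed sample scope strings, not captured from a real token response.
const narrow = "openid launch patient/Observation.read patient/Condition.read";
const wide = "launch patient/*.* offline_access";
console.log(visibleResourceTypes(narrow, ["Observation", "MedicationRequest", "Condition"]));
console.log(grantedContexts(wide, "MedicationRequest", "read"));
```

A check like this only keeps the client from requesting or rendering data outside its grant; the FHIR server remains the enforcement point for every request.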

Handling Expired or Invalid Tokens

The viewer automatically tracks token validity and responds to authentication issues to protect session integrity. When tokens expire or become invalid, the viewer handles the error gracefully and attempts to continue the session when possible.

  • If a token expires and no refresh token is available, the session ends and redirects to the original launch URL
  • If the token is invalid or revoked, the viewer displays an error and blocks access to clinical data
  • If a refresh token is present, the viewer attempts to silently obtain a new access token to continue the session without disruption