We are attempting to set up a SMART on FHIR connection for SSO login through the enterprise OIDC connections. We are unable to access the OAuth2 context tokens provided by the SMART on FHIR endpoints through the user attribute map detailed here: Configure PKCE and Claim Mapping for OIDC Connections.
An example of a SMART on FHIR return is as follows.
{
"access_token": "<<AccessToken>>",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "user\/Account.read user\/Appointment.read user\/CarePlan.read user\/Encounter.read user\/EpisodeOfCare.read user\/Patient.read user\/Practitioner.read fhirUser launch launch\/encounter launch\/patient offline_access openid profile",
"state": "51b02690bb8aef00b69d9bff9090ba21",
"refresh_token": "<<RefreshToken>>",
"id_token": "<<idToken>>",
"patient_epic_user_id": "++USERID",
"patient_first_name": "Garrett",
"patient_last_name": "Intermed",
"providerId": "eXgQEVsmVmZUKNd6LZkjjlA3",
"smart_style_url": "https:\/\/vendorservices.epic.com\/interconnect-amcurprd-oauth\/api\/epic\/2016\/EDI\/HTTP\/style\/33500002466\/I0YwRjJGNHwjQzEyMTI3fCMxQUFCRkZ8I0QzRDhERXwjODZCNTQwfCMwMDAwMDB8MHB4fDEwcHh8fEFyaWFsLCBzYW5zLXNlcmlmfCdTZWdvZSBVSScsIEFyaWFsLCBzYW5zLXNlcmlmfHw%3D.json",
"unconfirmed_status": "",
"user": "TENDO",
"secret": "<<secret>>",
"tokenURI": "\/interconnect-amcurprd-oauth\/oauth2\/token",
"expires": 1721089624
}
In the above example we would like to access the following fields: patient_epic_user_id, patient_first_name, and patient_last_name.
When performing the user attribute mapping these fields are not available, as we can only access attributes on context.connection, context.tokenset, and context.userinfo.
The above attributes are not available within the id_token, and there is no userinfo endpoint provided by Epic, who we are doing this SMART on FHIR SSO with.
Is there another way to access these values returned in the context response?