Jefferson Health · OAuth Scopes

Jefferson Health OAuth Scopes

OAuth 2.0 derived

Jefferson Health publishes 13 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Jefferson Health API on a user’s behalf.

Tokens are issued from https://fhir.jefferson.edu/FHIRProxy/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Academic Medical CenterCARIN Blue ButtonCMS InteroperabilityCures ActDa Vinci Plan-NetEpicFHIRHL7HealthcareHospital SystemMyChartOAuth 2.0Patient AccessProvider DirectorySMART on FHIRUS CoreUSCDI
Scopes: 13 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://fhir.jefferson.edu/FHIRProxy/oauth2/authorize
Token URL
https://fhir.jefferson.edu/FHIRProxy/oauth2/token
Flows
authorizationCode

Scopes (13)

ScopeDescriptionFlows
fhirUser Identity of the user launching the app authorizationCode
launch EHR launch context for provider-launched apps authorizationCode
offline_access Refresh token for long-lived access authorizationCode
openid OpenID Connect authentication authorizationCode
patient/AllergyIntolerance.read Read the launching patient's allergies authorizationCode
patient/Condition.read Read the launching patient's conditions authorizationCode
patient/DocumentReference.read Read the launching patient's documents authorizationCode
patient/Encounter.read Read the launching patient's encounters authorizationCode
patient/MedicationRequest.read Read the launching patient's medication requests authorizationCode
patient/Observation.read Read the launching patient's observations authorizationCode
patient/Patient.read Read the launching patient's demographics authorizationCode
system/Patient.read System-level Patient read (Bulk Data) authorizationCode
user/Patient.read Read Patient as the launching user authorizationCode

Source

OAuth Scopes

jefferson-health-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
schemes:
- name: smartOnFhir
  source: openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://fhir.jefferson.edu/FHIRProxy/oauth2/authorize
    tokenUrl: https://fhir.jefferson.edu/FHIRProxy/oauth2/token
  description: SMART on FHIR / OAuth 2.0 with PKCE for patient-facing and provider-facing app
    launches.
scopes:
- scope: fhirUser
  description: Identity of the user launching the app
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: launch
  description: EHR launch context for provider-launched apps
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: offline_access
  description: Refresh token for long-lived access
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: openid
  description: OpenID Connect authentication
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/AllergyIntolerance.read
  description: Read the launching patient's allergies
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/Condition.read
  description: Read the launching patient's conditions
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/DocumentReference.read
  description: Read the launching patient's documents
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/Encounter.read
  description: Read the launching patient's encounters
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/MedicationRequest.read
  description: Read the launching patient's medication requests
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/Observation.read
  description: Read the launching patient's observations
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: patient/Patient.read
  description: Read the launching patient's demographics
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: system/Patient.read
  description: System-level Patient read (Bulk Data)
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml
- scope: user/Patient.read
  description: Read Patient as the launching user
  flows:
  - authorizationCode
  sources:
  - openapi/jefferson-health-tjuh-fhir-r4-api-openapi.yml