Penn Medicine · OAuth Scopes

Penn Medicine OAuth Scopes

OAuth 2.0 derived

Penn Medicine publishes 6 OAuth 2.0 scopes via the authorizationCode and clientCredentials flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Penn Medicine API on a user’s behalf.

Tokens are issued from https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

HealthcareHospitalAcademic Medical CenterFHIRSMART On FHIRPatient AccessProvider DirectoryCMS InteroperabilityUS CoreBulk DataEpic
Scopes: 6 Flows: authorizationCode, clientCredentials Method: derived

OAuth endpoints

Authorization URL
https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/authorize
Token URL
https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/token
Flows
authorizationCodeclientCredentials

Scopes (6)

ScopeDescriptionFlows
fhirUser Current FHIR user identity authorizationCode
launch SMART app launch context authorizationCode
offline_access Refresh token issuance authorizationCode
openid OpenID Connect authorizationCode
profile User profile claims authorizationCode
system/*.read System-level read of all resources (Bulk Data) clientCredentials

Source

OAuth Scopes

penn-medicine-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/penn-medicine-fhir-r4-openapi.yml
schemes:
- name: smartOnFhir
  source: openapi/penn-medicine-fhir-r4-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/authorize
    tokenUrl: https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/token
  - flow: clientCredentials
    tokenUrl: https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/token
scopes:
- scope: fhirUser
  description: Current FHIR user identity
  flows:
  - authorizationCode
  sources:
  - openapi/penn-medicine-fhir-r4-openapi.yml
- scope: launch
  description: SMART app launch context
  flows:
  - authorizationCode
  sources:
  - openapi/penn-medicine-fhir-r4-openapi.yml
- scope: offline_access
  description: Refresh token issuance
  flows:
  - authorizationCode
  sources:
  - openapi/penn-medicine-fhir-r4-openapi.yml
- scope: openid
  description: OpenID Connect
  flows:
  - authorizationCode
  sources:
  - openapi/penn-medicine-fhir-r4-openapi.yml
- scope: profile
  description: User profile claims
  flows:
  - authorizationCode
  sources:
  - openapi/penn-medicine-fhir-r4-openapi.yml
- scope: system/*.read
  description: System-level read of all resources (Bulk Data)
  flows:
  - clientCredentials
  sources:
  - openapi/penn-medicine-fhir-r4-openapi.yml