Glossary

What is SMART on FHIR?

SMART on FHIR is a profile that defines OAuth 2.0 launch flows and scope strings for applications that consume FHIR data, typically launched from an EHR.

In context

SMART defines two main launch contexts: `EHR launch` (the EHR launches the app with patient and user context) and `standalone launch` (the user launches the app directly). It defines a scope syntax (`patient/Observation.read`, `user/Patient.read`, `system/MedicationRequest.write`) that maps user-level and system-level access to FHIR resources and operations.

SMART scopes are an authorization vocabulary. The server still has to enforce the access boundary; the scopes describe what was requested and granted at launch time.
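
To make the split between the scope vocabulary and server-side enforcement concrete, here is an added example (not Fire Arrow's code, and not part of the SMART specification text) that parses scope strings in the `context/Resource.permission` form shown above and applies them to a request. The function names, the verdict strings and the sample patient ids are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Scope form used on this page: context/ResourceType.permission
SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Z][A-Za-z]+|\*)\.(read|write|\*)$")

@dataclass(frozen=True)
class Scope:
    context: str
    resource: str
    permission: str

def parse_scopes(scope_string):
    """Split a space-delimited OAuth scope string and keep only the
    well-formed resource scopes (openid, launch/patient etc. are skipped)."""
    matches = (SCOPE_RE.match(token) for token in scope_string.split())
    return [Scope(*m.groups()) for m in matches if m]

def check_request(scopes, resource_type, operation,
                  resource_patient_id=None, launch_patient_id=None):
    """Return 'allow', 'needs-policy' or 'deny' for one request.

    operation is 'read' or 'write'. A patient/ scope only counts when the
    resource belongs to the patient fixed at launch. A user/ or system/ scope
    says the access was granted, but not whose data it covers, so the server's
    own rules still have to decide: that case is reported as 'needs-policy'.
    """
    verdict = "deny"
    for s in scopes:
        if s.resource not in (resource_type, "*"):
            continue
        if s.permission not in (operation, "*"):
            continue
        if s.context == "patient":
            # The scope string alone is not enough: bind it to the launch patient.
            if launch_patient_id is not None and resource_patient_id == launch_patient_id:
                return "allow"
        else:
            verdict = "needs-policy"
    return verdict

# Constructed sample: the scope string of a token issued after an EHR launch
# with patient context "pat-1" (ids are made up for this example).
GRANTED = "openid launch/patient patient/Observation.read user/Patient.read"
```

A `patient/Observation.read` grant therefore does not open another patient's observations, and a `user/` scope only gets the request as far as the server's own access rules.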

How Fire Arrow handles it

Fire Arrow's authentication is OAuth 2.0 / OIDC and supports SMART launch flows. SMART scope strings map onto Fire Arrow's authorisation model of role, resource type, and operation. The clinical scoping that SMART scopes describe (a clinician's organisation, a patient's own data, a care team's caseload) is expressed as compartment-based and identity-conditional rules, not as the scope string alone.