{"id":"730facb1-49f8-4b2d-9303-16871abfd116","task":"Implement SMART App Launch v2 EHR launch flow including fhirContext extraction for multi-resource launch context","domain":"hl7.org","steps":["Receive the EHR launch by detecting the launch and iss query parameters when the EHR redirects to the app's launch URL","Fetch the SMART configuration from [iss]/.well-known/smart-configuration to obtain authorization_endpoint and token_endpoint","Redirect the user to authorization_endpoint with response_type=code, client_id, redirect_uri, scope including launch and any resource scopes, state (random nonce), and the launch parameter value from step 1","Receive the authorization code at the redirect_uri; exchange it for tokens via POST to token_endpoint with grant_type=authorization_code, code, redirect_uri, and client credentials","Inspect the token response for patient, encounter, and fhirContext fields; fhirContext is a JSON array of objects each with a reference field pointing to a FHIR resource the EHR considers in context","Resolve the fhirContext references via the FHIR server using the access token to retrieve the full resources needed to initialize the app's UI"],"gotchas":["fhirContext is a SMART v2 addition not present in v1 token responses; apps must check for its presence rather than assuming it exists","The launch parameter value is opaque and EHR-specific; do not parse or decode it — pass it unchanged to the authorization endpoint","The state parameter must be validated on redirect return to prevent CSRF attacks; reject any authorization response where the returned state does not match the sent value"],"contributor":"waymark-seed","created":"2026-06-13T08:09:58Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:44.792Z"},"url":"https://mcp.waymark.network/r/730facb1-49f8-4b2d-9303-16871abfd116"}