If the beneficiary declines to share information that your application needs to function, you may display a message explaining why that information is needed and request reauthorization or handle the collection of that information elsewhere within your application.
The default selection when a beneficiary reaches the authorization screen will be to share all data, including demographic data, with your application. If a beneficiary makes a selection as to whether or not they want to share demographic data with your application and later decides they want to change that selection, they’ll need to be taken through the authorization flow again to make a different choice from the OAuth screen.
Native Mobile App Support
Native Mobile App Support follows the RFC 8252 (OAuth 2.0 for Native Apps) authorization flow, uses the PKCE extension, and allows a custom URI scheme as the redirect target.
The implementation of the RFC 8252 specification lets developers build mobile applications without a proxy server to route redirect calls back to their mobile app.
The PKCE extension provides a technique for public clients to mitigate the threat of a “man-in-the-middle” attack: the client creates a secret that it must present when exchanging the authorization code for an access token, so an intercepted code alone is not enough to obtain the token.
PKCE uses a code challenge that is derived from a code-verifier. The standard supports two styles of code challenge:
Redirect_URI
When registering an Application, a redirect URI is required. This is the API endpoint on your system that receives the callback from the Blue Cross NC API after a beneficiary is passed to the Blue Cross NC API to authorize your application.
Web Application Flow
To use this flow, your application should be registered with Client Type set to confidential and Grant Type set to authorization-code.
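The PKCE derivation described in the Native Mobile App Support section and the authorization-code exchange used by the Web Application Flow, shown together as an added example (this is not code from Blue Cross NC or from this page). It names the two code_challenge methods defined in RFC 7636, `plain` and `S256`, which the page does not list, and it assumes a placeholder authorization endpoint because the page does not give one; the client ID, redirect URIs and state values are invented for the demonstration.

```python
import base64
import hashlib
import secrets
import urllib.parse

# Placeholder: the page does not state the authorization endpoint.
AUTHORIZE_URL = "https://AUTHORIZATION-SERVER-PLACEHOLDER/authorize"

# RFC 7636 allows 43..128 characters drawn from this unreserved set.
_VERIFIER_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                      "abcdefghijklmnopqrstuvwxyz0123456789-._~")


def make_code_verifier(length: int = 64) -> str:
    """High-entropy code_verifier, generated fresh for every authorization request."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier length must be between 43 and 128")
    return "".join(secrets.choice(_VERIFIER_ALPHABET) for _ in range(length))


def code_challenge(verifier: str, method: str = "S256") -> str:
    """Derive the code_challenge: S256 = base64url(sha256(verifier)) without padding, plain = verifier."""
    if method == "plain":
        return verifier
    if method == "S256":
        digest = hashlib.sha256(verifier.encode("ascii")).digest()
        return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    raise ValueError(f"unknown code_challenge_method {method!r}")


def build_authorization_url(client_id, redirect_uri, state, verifier=None, method="S256"):
    """Authorization request; `state` binds the callback to this session, PKCE fields are added for public clients."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if verifier is not None:
        params["code_challenge"] = code_challenge(verifier, method)
        params["code_challenge_method"] = method
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect (https or custom scheme), rejecting a bad state."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    state = query.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    return query["code"][0]


def token_request_body(client_id, redirect_uri, code, verifier=None, client_secret=None):
    """Form fields for the authorization_code grant. Confidential web clients send client_secret,
    native clients send the code_verifier that matches the earlier code_challenge."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    }
    if verifier is not None:
        body["code_verifier"] = verifier
    if client_secret is not None:
        body["client_secret"] = client_secret
    return body


def server_side_pkce_check(stored_challenge, stored_method, presented_verifier) -> bool:
    """What the authorization server does at the token endpoint: recompute and compare in constant time."""
    return secrets.compare_digest(code_challenge(presented_verifier, stored_method), stored_challenge)


if __name__ == "__main__":
    # Native-app round trip with a custom URI scheme redirect (values are invented).
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    print(build_authorization_url("my-client-id", "com.example.app:/callback", state, verifier))
    code = parse_callback(f"com.example.app:/callback?code=c0de&state={state}", state)
    print(token_request_body("my-client-id", "com.example.app:/callback", code, verifier))
```

The verifier and state must be stored per session and discarded after one use; a callback whose state does not match is dropped rather than retried.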
Core Resources
Base Request URL:
https://apiservicessb-ext.bcbsnc.com/fhir/sb/R4/payer-to-payer
FHIR Resources:
- All Clinical resources as defined in DaVinci IG - http://hl7.org/fhir/us/davincipdex/toc.html
Note: Patient/<FHIRID>/$everything is supported and must be used by clients to initiate a data request; the response is a Bundle. Individual FHIR resource endpoints are not supported.
UserInfo:
- Get User Profile from an Authorization Token.
FHIR Resource Bundle
/fhir/sb/R4/payer-to-payer/Patient/2657/$everything
The above URL returns all of the beneficiary’s clinical records as a FHIR Resource Bundle.
# Single quotes keep the shell from expanding $everything as a variable.
curl --header "Authorization: Bearer AUTHORIZATION TOKEN" 'https://apiservicessb-ext.bcbsnc.com/fhir/sb/R4/payer-to-payer/Patient/2657/$everything'
That API call returns a bundle containing many FHIR resources; it is typically thousands of lines long.
{
  "resourceType": "Bundle",
  "id": "989f6d15-43e9-429f-97a5-93de5dc1e89b",
  "meta": {
    "lastUpdated": "2021-11-22T20:24:03.946-05:00"
  },
  "type": "searchset",
  "link": [
    {
      "relation": "self",
      "url": "https://apiservicessb-ext.bcbsnc.com/fhir/sb/R4/payer-to-payer/Patient/2657/$everything"
    }
  ],
  "entry": [
    {
      "fullUrl": "https://apiservicessb-ext.bcbsnc.com/fhir/sb/R4/payer-to-payer/Patient/2657",
      "resource": {
        "resourceType": "Patient",
        "id": "2657",
        "meta": {
          "versionId": "2",
          "lastUpdated": "2021-11-22T14:53:07.885-05:00",
          "source": "#PuvVum8uEowtNfhY",
          "profile": [
            "http://hl7.org/fhir/us/carinbb/StructureDefinition/C4BB-Patient",
            "http://hl7.org/fhir/us/core/StructureDefinition/uscore-patient"
          ]
        },
        "identifier": [
          {
            "type": {
              "coding": [
                {
                  "system": "http://terminology.hl7.org/CodeSystem/v2-0203",
                  "code": "MB"
                }
              ]
            },
            "system": "http://bluecrossnc.com/fhir/memberidentifier",
            "value": "J1269564601"
          }
        ],
        "name": [
          {
            "family": "BCNCLASTTHREE",
            "given": [
              "BCNCFIRSTTHREE"
            ]
          }
        ],
        "gender": "female",
        "birthDate": "1944-06-06",
        "address": [
          {
            "line": [
              "23 WESTERN ST"
            ],
            "city": "MOUNT AIRY",
            "state": "NC",
            "postalCode": "27030"
          }
        ]
      },
      "search": {
        "mode": "match"
      }
    },
    {
      "fullUrl": "https://apiservicessb-ext.bcbsnc.com/fhir/sb/R4/payer-to-payer/Provenance/4e44a0f0-e723-3f1b-a6de-a3f5023630d0",
      "resource": {
        "resourceType": "Provenance",
        "id": "4e44a0f0-e723-3f1b-a6de-a3f5023630d0",
        "meta": {
          "versionId": "1",
          "lastUpdated": "2021-08-04T08:58:05.801-04:00",
          "source": "#sAN2NtgMboFqXbTd",
          "profile": [
            "http://hl7.org/fhir/us/core/StructureDefinition/uscore-provenance"
          ]
        },
        "target": [
          {
            "reference": "Patient/2657",
            "identifier": {
              "type": {
                "coding": [
                  {
                    "system": "http://terminology.hl7.org/CodeSystem/v2-0203",
                    "code": "MB"
                  }
                ]
              },
              "value": "J1269564601"
            }
          },
          {
            "reference": "Condition/26efcfd2-acfb-31bb-b2fe-b48574ff188f"
          },
          {
            "reference": "Procedure/6dac3a0e-283b-3a37-a1aa-b98214efa5ef"
          }
        ],
        "recorded": "2018-10-10T00:00:00.000-04:00",
        "agent": [
          {
            "type": {
              "coding": [
                {
                  "system": "http://terminology.hl7.org/CodeSystem/provenance-participant-type",
                  "code": "author"
                }
              ]
            },
            "who": {
              "reference": "Organization/BCBSNC"
            }
          }
        ]
      },
      "search": {
        "mode": "match"
      }
    }
... this is only a subset of the entire output ...
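Because the $everything response is a large Bundle rather than individual resources, a client has to walk the entries itself. The following added example (not Blue Cross NC code and not from this page) indexes a Bundle by `Type/id`, counts resource types, and checks a few things a receiving application should verify before storing the data: that each entry's `fullUrl` agrees with its resource type and id, that every resource with a `subject` or `patient` reference belongs to the beneficiary that was authorized, and that Provenance targets resolve inside the Bundle. The embedded Bundle is a constructed, trimmed sample shaped like the response above; its hostname and the fourth entry are invented so that the checks have something to flag.

```python
import json
from collections import Counter

# Constructed sample: same shape as the $everything response, not real data.
SAMPLE_BUNDLE = json.loads(r'''{
  "resourceType": "Bundle",
  "type": "searchset",
  "entry": [
    {"fullUrl": "https://example.invalid/fhir/Patient/2657",
     "resource": {"resourceType": "Patient", "id": "2657"}},
    {"fullUrl": "https://example.invalid/fhir/Provenance/4e44a0f0-e723-3f1b-a6de-a3f5023630d0",
     "resource": {"resourceType": "Provenance", "id": "4e44a0f0-e723-3f1b-a6de-a3f5023630d0",
                  "target": [{"reference": "Patient/2657"},
                             {"reference": "Condition/26efcfd2-acfb-31bb-b2fe-b48574ff188f"},
                             {"reference": "Procedure/6dac3a0e-283b-3a37-a1aa-b98214efa5ef"}]}},
    {"fullUrl": "https://example.invalid/fhir/Condition/26efcfd2-acfb-31bb-b2fe-b48574ff188f",
     "resource": {"resourceType": "Condition", "id": "26efcfd2-acfb-31bb-b2fe-b48574ff188f",
                  "subject": {"reference": "Patient/2657"}}},
    {"fullUrl": "https://example.invalid/fhir/Observation/bad",
     "resource": {"resourceType": "Observation", "id": "other-id",
                  "subject": {"reference": "Patient/9999"}}}
  ]
}''')


def index_by_reference(bundle: dict) -> dict:
    """Map 'Type/id' -> resource for every entry so references can be resolved locally."""
    idx = {}
    for entry in bundle.get("entry", []):
        res = entry.get("resource") or {}
        if "resourceType" in res and "id" in res:
            idx[f"{res['resourceType']}/{res['id']}"] = res
    return idx


def resources_by_type(bundle: dict) -> Counter:
    """Count entries per resourceType; useful for a quick look at a multi-thousand-line bundle."""
    return Counter(e["resource"]["resourceType"]
                   for e in bundle.get("entry", []) if "resource" in e)


def _patient_reference(res: dict):
    """Clinical resources point at their patient through 'subject' or 'patient'."""
    ref = res.get("subject") or res.get("patient") or {}
    return ref.get("reference")


def check_bundle(bundle: dict, expected_patient_id: str) -> list:
    """Return (kind, detail) findings; an empty list means the bundle passed every check."""
    if bundle.get("resourceType") != "Bundle":
        return [("not-a-bundle", bundle.get("resourceType"))]
    idx = index_by_reference(bundle)
    expected = f"Patient/{expected_patient_id}"
    findings = []
    for entry in bundle.get("entry", []):
        res = entry.get("resource") or {}
        key = f"{res.get('resourceType')}/{res.get('id')}"
        full_url = entry.get("fullUrl", "")
        if not full_url.endswith("/" + key):
            findings.append(("fullurl-mismatch", full_url))
        if res.get("resourceType") == "Patient" and res.get("id") != expected_patient_id:
            findings.append(("unexpected-patient", key))
        patient_ref = _patient_reference(res)
        if patient_ref is not None and patient_ref != expected:
            # Data for a different patient than the one who authorized the app.
            findings.append(("cross-patient-reference", key))
        if res.get("resourceType") == "Provenance":
            for target in res.get("target", []):
                ref = target.get("reference")
                if ref and ref not in idx:
                    findings.append(("unresolved-provenance-target", ref))
    return findings


if __name__ == "__main__":
    print(dict(resources_by_type(SAMPLE_BUNDLE)))
    for kind, detail in check_bundle(SAMPLE_BUNDLE, "2657"):
        print(f"{kind}: {detail}")
```

An unresolved Provenance target is informational (the server may legitimately omit a referenced resource), while a cross-patient reference or a Patient other than the authorized one should stop the import and be logged.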
Get User Profile for an Authorization Token
HTTP GET /connect/userinfo
The UserInfo Endpoint is an OAuth 2.0 Protected Resource. The above URL fetches the (fictitious, sandbox) beneficiary’s basic account information given an Authorization Token. This is most often used when creating an account within your application. The request is an HTTP GET and the response is returned as JSON.
curl --header "Authorization: Bearer AUTHORIZATION TOKEN" "https://apiservicessb-ext.bcbsnc.com/v1/connect/userinfo"
{
  "sub": "fflinstone",
  "prefered_username": "fflinstone",
  "given_name": "Fred",
  "family_name": "Flinstone",
  "name": "Fred Flinstone",
  "email": "pebbles-daddy@example.com",
  "created": "2017-11-28",
  "patient": "123456789"
}