Fixes openemr#5158 FHIR docs Revoke Token,Bulk (openemr#5159)

Fixed some typos in the bulk export documentation. Added section talking about how to revoke a token.
bradymiller · Apr 16, 2022 · 6a18798 · 6a18798
1 parent 9cb8f35
commit 6a18798
Showing 1 changed file with 26 additions and 2 deletions.
diff --git a/FHIR_README.md b/FHIR_README.md
@@ -98,11 +98,11 @@ An export operation that implements the [BULK FHIR Export ONC requirements](http
           curl -X GET 'https://localhost:9300/apis/default/fhir/$export'
     ```
  - Group Export, requires the **system/Group.$export** scope.  Exports all data in the [Patient Compartment](https://www.hl7.org/fhir/compartmentdefinition-patient.html) for the group.
-   There is only one group defined in the system currently.  If OpenEMR defines additional patient population groups you would change the Group ID in the API call.
+   The system automatically creates a group for every Practitioner resource in the system where the patients in the group are the individuals who have the Practitioner as their primary care provider.  
     ```sh
           curl -X GET 'https://localhost:9300/apis/default/fhir/Group/1/$export'
     ```
- - Patient Export, requires the **system/Group.$export** scope.  Exports all data for all patients in the [Patient Compartment](https://www.hl7.org/fhir/compartmentdefinition-patient.html).
+ - Patient Export, requires the **system/Patient.$export** scope.  Exports all data for all patients in the [Patient Compartment](https://www.hl7.org/fhir/compartmentdefinition-patient.html).
     ```sh
           curl -X GET 'https://localhost:9300/apis/default/fhir/Patient/$export'
     ```
@@ -143,6 +143,14 @@ You can download the exported documents which are formatted in Newline Delimited
           curl -X GET 'https://localhost:9300/apis/default/fhir/Document/105232/Binary'
     ```
 
+In order to download the documents you will need the **system/Document.read** scope.
+
+#### Bulk FHIR Scope Reference
+- All System export - **system/\*.$export system\*.$bulkdata-status system/Document.read**
+- Group System export - **system/Group.$export system\*.$bulkdata-status system/Document.read**
+- Patient System export - **system/Patient.$export system\*.$bulkdata-status system/Document.read**
+
+#### 
 ## 3rd Party SMART Apps
 OpenEMR supports the ability for 3rd party apps who implement the [SMART on FHIR App Launch Implementation Guide 1.1.0](http://hl7.org/fhir/smart-app-launch/2021May/) context. 
 
@@ -152,6 +160,22 @@ For a patient to have access to their patient data via a 3rd party app they must
 
 OpenEMR does NOT support wildcard scopes (patient/*.* or patient/*.read).  Scopes must be requested explicitly by an app at the time of registration.  OpenEMR does not support adding scopes from the initial registration.
 
+
+## Revoking Clients, Users, Access Tokens, Refresh Tokens
+
+## Revoking Clients
+You can disable a client completely which prevents their access tokens from being used in the system from the Admin -> System -> API Clients interface.  Edit the client registered in your system you wish to disable and hit the Disable button.
+
+## Revoking Users
+If you wish to revoke a user's authorization for a particular client you will need to open up the API client from the Admin -> System -> API Clients interface.  Once you are editing the client you will need to go to the Authenticated API Users section.
+
+From there you can find the user that is listed and hit the Revoke User button (Note this can be a lengthy list so use your browser's search text functionality to find the user).
+
+## Revoking Access Tokens
+You can revoke an access token two ways.  One from the API Client edit screen, finding the client and then the access token's identifier you wish to revoke.  
+
+The second way is if you have the fully encoded access token using the API Client Tools screen.  Go to Admin->System->API Clients and then click on the Token Tools button.  Paste in the entire encoded token and then select Parse Token.  Information about the token will be displayed including the authenticated user that authorized the token.  Now select the Revoke Token button to revoke the token.  A success message will be displayed when the revocation completes.  You can parse the token again to see that the token has been revoked. 
+
 ## For Developers
 
 FHIR endpoints are defined in the [primary routes file](_rest_routes.inc.php). The routes file maps an external, addressable