Original question: I have an app which authorizes a user through the https://auth.logicahealth.org/authorize endpoint, retrieves the corresponding Patient's data and displays it on the UI.
My first problem is that there is no way for me to find out what Patient ID corresponds to this user in the EHR. Currently I am resolving this problem by passing a launch/patient scope and prompting a user to choose the right patient. This works for testing, but is absurd in my specific use case.
I was hoping that the "Persona" related functionality would do the job for me. I can map a user to a Patient and then somehow retrieve this info during launch. But the credentials do not work. My credentials are: carol@DaVinciPDexProvider/carol, as mentioned in the Personas screen, but when entering them in the login screen I get "Invalid username or password.".
Am I missing something?
Jacob's workaround: Although not the most intuitive, there is a workaround. First, launch your app within Logica Sandbox or set up a launch scenario for your app with "carol" as the persona. Doing so will force you to choose a persona (in your case, choose the patient persona "carol"). This will "save" Carol as the "logged in" user in your browser's session. After doing this, you can launch your standalone app and you'll find Carol's user information in the id_token returned by the /token call.
*Further customer question:* Thank you for your answers. I launched an app from EHR and was able to select a Persona. Also the mapped Patient was returned in a fhirUser claim of an ID token. Then I got an Access token and tried to query for all Patients: https://api.logicahealth.org/DaVinciPDexProvider/data/Patient with scope "user/Patient.read openid profile launch fhirUser". Response contained 70 Patients. The same response was returned with another scope "patient/Patient.read openid profile launch fhirUser".
There are two questions here:
1. Why doesn't patient/Patient.read scope limit response to return only the patient selected at launch time?
2. Is there any relation between a Patient mapped to a Persona and scopes? What if I want to log in as a Persona and work only with an associated Patient (in this case there is no need for a Patient selector at launch time)? Also I should be unable to work with other Patients.
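
A client-side check for the behaviour described in this thread, as an added example that is not part of the original posts or of Logica's code: it reads the fhirUser claim from the id_token payload and lists the Patient entries in a search Bundle that are not the mapped patient. The function names, the token and the Bundle are constructed for illustration, and the sketch assumes the id_token signature has already been verified against the issuer's keys.

```javascript
// Added example. Sample token, patient ids and Bundle are constructed, not taken from the thread.

// Decode the payload segment of a compact JWT. No signature verification happens here;
// verify the id_token against the issuer's keys before trusting any claim.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// fhirUser is an absolute resource URL or a relative "Type/id" reference.
function parseFhirUser(fhirUser) {
  const m = /(?:^|\/)([A-Z][A-Za-z]+)\/([A-Za-z0-9.\-]{1,64})$/.exec(fhirUser || "");
  if (!m) throw new Error("unrecognised fhirUser claim");
  return { resourceType: m[1], id: m[2] };
}

// Ids of Patient entries in a search Bundle that are not the expected patient.
function unexpectedPatients(bundle, expectedId) {
  return (bundle.entry || [])
    .map((e) => e.resource)
    .filter((r) => r && r.resourceType === "Patient" && r.id !== expectedId)
    .map((r) => r.id);
}

// --- constructed sample data ---
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleIdToken = [
  b64url({ alg: "RS256", typ: "JWT" }),
  b64url({ sub: "carol", fhirUser:
    "https://api.logicahealth.org/DaVinciPDexProvider/data/Patient/example-patient-1" }),
  "constructed-signature",
].join(".");
const sampleBundle = { resourceType: "Bundle", type: "searchset", entry: [
  { resource: { resourceType: "Patient", id: "example-patient-1" } },
  { resource: { resourceType: "Patient", id: "example-patient-2" } },
  { resource: { resourceType: "Patient", id: "example-patient-3" } },
] };

function checkSample() {
  const who = parseFhirUser(decodeJwtPayload(sampleIdToken).fhirUser);
  return { who, leaked: unexpectedPatients(sampleBundle, who.id) };
}
console.log(checkSample());
```

A non-empty `leaked` list means the response contained patients other than the mapped one; the check detects that condition on the client and does not replace scope enforcement on the server.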