AJ Auth Server Quick Start
Prerequisites
- Docker + Docker Compose v2
- A HAPI FHIR server (included in compose)
- PostgreSQL (included in compose)
- Epic sandbox client ID (optional — for Epic launch testing)
1. Start the stack
git clone https://github.com/AKHester-Technologies/aj-smart-fhir-platform
cd aj-smart-fhir-platform
cp .env.example .env
# Edit .env: set DB_PASSWORD and optionally EPIC_CLIENT_ID
docker compose up
2. Verify
./scripts/verify.sh
Expected:
✓ SMART discovery proxy (200)
✓ Discovery has authorization_endpoint
✓ Auth server health (200)
✓ JWKS endpoint (200)
✓ JWKS does not expose private key
All checks passed ✓
3. Open the launch portal
http://localhost:9000/portal
Log in with dev credentials, select a patient, click Launch. The SMART flow runs — you will see the authorization code redirect, PKCE verification, and the token response with patient and encounter as top-level fields.
4. Inspect the token response
{
  "access_token": "eyJhbGciOiJSUzI1NiI...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "launch openid patient/Patient.rs",
  "patient": "GOLDEN-00441",
  "encounter": "enc-441-br01",
  "need_patient_banner": true,
  "id_token": "eyJhbGciOiJSUzI1NiI..."
}
patient and encounter are top-level
patient and encounter are top-level JSON fields in the token response body — not inside the JWT. This is SMART v2.2 spec §7.1. Most implementations get this wrong by putting them only in the JWT payload.
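A client-side check for the point above, as an added example (not code from the AJ Auth Server project): it classifies each launch-context field as top-level, JWT-only or missing. The function names and sample responses are assumptions constructed for illustration; the JWT payload is decoded without signature verification, for inspection only.

```python
import base64
import json

LAUNCH_FIELDS = ("patient", "encounter")

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
        return claims if isinstance(claims, dict) else {}
    except (IndexError, ValueError, AttributeError):
        return {}  # not a JWT-shaped string; treat as carrying no claims

def check_launch_context(token_response):
    """Classify each launch field: 'top-level', 'jwt-only' or 'missing'."""
    claims = jwt_claims(token_response.get("access_token", ""))
    result = {}
    for field in LAUNCH_FIELDS:
        if isinstance(token_response.get(field), str):
            result[field] = "top-level"
        elif field in claims:
            result[field] = "jwt-only"  # only inside the JWT payload
        else:
            result[field] = "missing"
    return result

def _fake_jwt(claims):
    """Build a constructed, unsigned JWT-shaped string for the samples below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"

# Constructed sample responses (IDs reuse the values shown in step 4).
GOOD = {"access_token": _fake_jwt({"sub": "dev"}), "token_type": "Bearer",
        "patient": "GOLDEN-00441", "encounter": "enc-441-br01"}
BAD = {"access_token": _fake_jwt({"sub": "dev", "patient": "GOLDEN-00441"}),
       "token_type": "Bearer"}

if __name__ == "__main__":
    print(check_launch_context(GOOD))
    print(check_launch_context(BAD))
```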