Fixing JSON.parse Failures With FHIR & Opaque Launch

Hey guys,

Let's dive into a tricky issue encountered while working with FHIR servers and the launch parameter in SMART applications. It seems there's a snag when dealing with authenticated FHIR servers that send an opaque launch parameter. The JSON.parse failure arises because the application attempts to parse this parameter as a JSON-encoded string, which isn't always the case, leading to some catastrophic errors.

The Problem: Opaque launch Parameter and JSON Parsing

The heart of the issue lies in how the application handles the launch parameter, which, according to the SMART App Launch specification, should be treated as an opaque string. This means it's essentially a black box, an identifier that the application shouldn't try to interpret or dissect.

launch - required - Opaque identifier for this specific launch and any EHR context associated with it. This parameter must be communicated back to the EHR at authorization time by passing along a launch parameter (see example below).

However, the SMART-EHR-Launcher project, specifically in these sections of the code:

• codec.ts#L153
• useLauncherQuery.ts#L50

Tries to parse the launch parameter as a JSON string. This becomes a problem when FHIR servers, like Medplum, send back a simple UUID (e.g., launch=661ea442-7359-4492-b617-459c96f751ea) as the launch parameter, which isn't JSON encoded. This mismatch causes the JSON.parse operation to fail, halting the application's launch process.

To illustrate, imagine you're expecting a nicely wrapped gift box (JSON), but instead, you receive a plain, unlabeled item (UUID). Trying to open the unlabeled item as if it were a gift box will obviously lead to confusion and, in this case, an error.

Why is this happening?

The root cause is a misinterpretation of the launch parameter's nature. The specification clearly states it should be treated as opaque, meaning the application shouldn't make assumptions about its internal structure or encoding. By attempting to parse it as JSON, the application introduces a potential point of failure when encountering servers that adhere to the specification by sending non-JSON encoded launch parameters.

The Impact of the Failure

The consequences of this JSON.parse failure can be quite severe. It can lead to a complete halt in the application's launch sequence, preventing users from accessing the intended functionality. This is particularly problematic in healthcare settings, where timely access to patient data and applications is crucial.

Imagine a doctor trying to access a patient's medical history using a SMART application. If the launch parameter parsing fails, the application won't load, potentially delaying treatment decisions and impacting patient care.

A Partial Workaround: Checking Authentication Status

A temporary solution involves checking if authentication is enabled before attempting to parse or decode the launch parameter. This workaround, implemented in this commit, essentially bypasses the faulty parsing logic in certain scenarios. However, this is just a bandage, not a cure. It prevents the immediate crash but doesn't address the fundamental issue of misinterpreting the launch parameter.

Think of it like putting a temporary patch on a leaky pipe. It might stop the immediate drip, but the underlying problem – the hole in the pipe – remains and will eventually need a proper fix.

Limitations of the Workaround

The workaround's main limitation is that it's not a comprehensive solution. It only addresses the issue in specific cases, leaving the application vulnerable to the same error if the authentication flow or server configuration changes. Moreover, it doesn't fully utilize the information potentially contained within the launch parameter, even if it's not JSON encoded. There might be valuable data encoded in a different format that the application could leverage if it treated the parameter as a general string.

A Better Approach: Treating launch as Opaque

The correct way to handle the launch parameter is to treat it as the specification dictates: as an opaque string. This means avoiding any attempts to parse or decode it unless there's a specific agreement with the FHIR server about its encoding. The application should simply store the launch parameter and pass it back to the EHR as required, without trying to interpret its contents.

This approach is similar to handling a secret key. You wouldn't try to decipher the key itself; you'd simply use it as is to unlock a specific function or access data. The launch parameter, in this context, is the key to accessing the application's context within the EHR.

Benefits of Opaque Handling

Adopting this approach offers several advantages:

1. Robustness: The application becomes more resilient to variations in FHIR server implementations. It will work correctly regardless of how the server encodes the launch parameter.
2. Compliance: It aligns with the SMART App Launch specification, ensuring interoperability with a wider range of FHIR servers and applications.
3. Security: By avoiding unnecessary parsing, the application reduces the risk of security vulnerabilities related to malformed or malicious launch parameters.

Learning from Medplum's Demo App

As pointed out, Medplum has a working SMART app launch demo application (medplum-smart-on-fhir-demo) that can serve as a valuable reference. Examining their implementation can provide insights into how to correctly handle the launch parameter and other aspects of the SMART App Launch framework.

By studying successful implementations, we can learn best practices and avoid common pitfalls, ultimately leading to more robust and reliable SMART applications.

Conclusion: Embrace Opacity

The JSON.parse failure highlights the importance of adhering to specifications and treating opaque parameters as such. By correctly handling the launch parameter as an opaque string, we can build more robust, compliant, and secure SMART applications that seamlessly integrate with various FHIR servers. Remember, guys, the key is to embrace the opacity and let the launch parameter be what it's meant to be: a simple identifier, not a puzzle to be solved.

I hope this explanation helps clarify the issue and provides a clear path towards a solution. Let's keep building awesome and interoperable healthcare applications!