App launch within an EHR system via single sign-on

Last updated: Nov 8, 2023

All single sign-on (SSO) schemes hinge on validating that a user is who they say they are. With Redox Nexus, the goal is to simplify all the moving pieces and roles to just two: you and Redox. You trust us to verify that the SSO request is valid, and we normalize and pull as much information to launch your application.

Redox Nexus uses the SSO data model to abstract away, or simplify, authentication strategies like SAML Web Browser Profile and SMART on FHIR®. Learn more about each of these below:

JSON Web Tokens

The SSO data model uses JSON Web Tokens (JWT) to convey who the user is. Learn how to authenticate with JWT.

When setting up SSO, we generate a shared secret that we sign our token with. You're responsible for validating the signature using this shared secret, along with fields in the token itself (e.g., the expiration).

Explore testing and debugging tools and documentation for JWT.

The SSO flow

The SSO data model sends an HTTP POST request to an endpoint you've configured in the Redox dashboard. The overall flow looks a little like this:

SSO data model flow
SSO data model flow

Since the SSO request is proxied through Redox, it's not possible for your 302 response to set cookies. Instead, you must pass the session information in the URL. To do this securely, we recommend using a one-time use token.

Things you need to know