SMART App Launch token responses extend OAuth 2.0 with launch context (patient, encounter, id_token).
Aidbox token responses may also include userinfo, containing the Aidbox User resource.
id_token (when scope includes openid) is not validated by this library — callers that rely on id_token claims for authorization decisions must verify the JWT signature, iss, aud, and exp themselves.
Token bundle returned by
exchangeCode.SMART App Launch token responses extend OAuth 2.0 with launch context (
patient,encounter,id_token). Aidbox token responses may also includeuserinfo, containing the AidboxUserresource.id_token(when scope includesopenid) is not validated by this library — callers that rely on id_token claims for authorization decisions must verify the JWT signature,iss,aud, andexpthemselves.