Skip to main content
Open Source · MIT · Java 21 · SMART v2.2

The complete open source
SMART on FHIR platform

Auth server, SMART client, consent manager, referral module, and ATNA audit — all pre-wired with HAPI FHIR JPA and deployable with one command. No Epic sandbox. No Keycloak. Plain Spring Boot.

Get started →ArchitectureGitHub ↗
296+Tests
62Java files
v2.2SMART spec
R4FHIR version
MITLicense
Java 21Runtime

Platform components — each with its own documentation site

Everything you need. Nothing you don't.

Each component is independently deployable. Use what you need. Replace what you have.

Auth Server
v0.2.3
Stable

Complete SMART App Launch v2.2 authorization server. PKCE S256, EHR launch tokens, RS256 id_token, JPA app registry, IdP federation.

PKCE S256 enforcedAtomic launch tokensRS256 + JWKSAzure AD · Okta · Epic IdP
90 tests
Docs →GitHub ↗
SMART Client
v0.1.0
Stable

Spring Boot 3 SMART App Launch v2.2 client. Dynamic discovery, full Nimbus RS256 id_token verification, proactive token refresh, Thymeleaf clinical UI.

96-byte PKCE verifierFull RS256 verification120s proactive refreshClinical UI
206 tests
Docs →GitHub ↗
HAPI FHIR Plugin
v1.0.0
Stable

Spring Boot autoconfiguration plugin that pre-wires SMART discovery proxy and scope enforcement interceptor onto any HAPI FHIR JPA server.

Discovery proxy filterSmartScopeInterceptorRemoteJWKSet RS256.rs + .read scopes
12 tests
Docs →GitHub ↗
Consent Manager
v1.1.0 planned
Planned

FHIR Consent resource lifecycle. Patient self-service portal, consent enforcement interceptor, full audit trail. GDPR · HIPAA · TEFCA compliant.

FHIR Consent resourcePatient portalEnforcement interceptorGDPR · HIPAA · TEFCA
Docs →
Referral Module
v1.2.0 planned
Planned

FHIR-native inter-facility referral using ServiceRequest and Task resources. Closes the digital information gap between hospitals.

FHIR ServiceRequestFHIR Task workflowCross-facilityStatus tracking
Docs →
ATNA Audit
v1.1.0 planned
Planned

IHE ATNA-compliant audit trail. Every consent decision, FHIR access, and auth event written as FHIR AuditEvent. Queryable, exportable.

IHE ATNA compliantFHIR AuditEventAsync loggingQueryable trail
Docs →

Ecosystem architecture

The complete picture

Five layers from applications to infrastructure. Every layer is open source and replaceable.

L5Applications
SMART ClientPatient PortalClinician PortalThird-party SMART Apps
L4Auth & Identity
Auth ServerPKCE + SMART tokensIdP FederationConsent Manager
L3FHIR Data Layer
HAPI FHIR JPASMART PluginScope EnforcementReferral Module
L2Compliance & Audit
ATNA AuditFHIR AuditEventGDPR · HIPAATEFCA · DISHA
L1Infrastructure
PostgreSQLDocker ComposeAWS Lightsailnginx + Let's Encrypt
BROWSERSERVICESDATAPatient portalClinician login · :9000/portalSMART clientClinical UI · :8081?iss=...&launch=tokenAuthorization serverSpring Auth Server 1.3 · Java 21 · :9000PKCE S256Launch tokensRS256 JWTPostgreSQL · Flyway · 90 testsIdP federation · JWKS endpointDiscovery proxy · Token extrasIdentity providerAzure AD · OktaEpic IdP · ADFSJWKS endpoint/oauth2/jwksRSA-2048 public keyaccess_token+ patient+ id_tokenHAPI FHIR JPA serverFHIR R4 · v7.4.5 · :8080/fhirSmartDiscoveryProxyFilterSmartScopeInterceptorPatient · Condition · MedicationRequest · Observation · AuditEventPostgreSQL:5432cliniciansregistered_appslaunch_contextsBearer tokenFHIR callsscope guarddiscovery proxyEHR launchToken responseFHIR dataScope enforcementInternal
EHR Launch flow — 7 steps
1
Clinician login
2
Select patient
3
Launch token
4
PKCE authorize
5
Token response
6
FHIR access
7
Audit logged

Standards alignment

Built on open standards

HL7Planned
SMART App Launch v2.2
HL7Planned
FHIR R4
IETFPlanned
PKCE RFC 7636
OIDCPlanned
OpenID Connect
IHEIn progress
IHE ATNA
HL7In progress
FHIR Consent
IHEPlanned
IHE MHD
HL7Planned
SMART Backend Services

National health platforms

Designed for national scale

Directly aligned with national Digital Health Blueprint requirements across six countries.

🇱🇰 Sri Lanka
Digital Health Blueprint §6.2.7–6.2.10
Auth · Consent · ATNA · Referral
🇳🇵 Nepal
National eHealth Strategy
FHIR platform · Auth layer
🇮🇳 India
Ayushman Bharat / DISHA
Consent · Patient rights
🇦🇺 Australia
My Health Record
Consent · SMART auth
🇪🇺 EU / EHDS
European Health Data Space
GDPR consent · FHIR exchange
🇺🇸 US / ONC
HTI-1 / TEFCA
SMART v2.2 · Consent 2026
Read national alignment guide →

Commercial support

Open source software. Enterprise support.

Community
Free forever
  • GitHub Issues
  • Community forum
  • FHIR Chat
  • Full documentation
Standard
Contact us
  • Email support
  • 2-day SLA
  • All patch releases
  • 7-day security patches
Most popular
Enterprise
Contact us
  • Phone + email
  • 4-hour SLA
  • 24h security patches
  • Custom feature roadmap
Government
Contact us
  • Custom SLA · 24/7
  • On-premises support
  • Compliance docs
  • Team training

support@ajsmart.com · ajsmart.com/support