Developers vs. Users vs. M2M Clients (Actors)
In Oystehr, an Actor is any of the three Oystehr resources capable of getting an access token to invoke Oystehr's APIs. The three different types of Actors are:
- Developers — Developer accounts are used to log into the Developer Console and administrate Projects.
- Users — Users are the people who log into the Applications you configure for securing the apps you build on top of Oystehr.
- M2M Clients — M2M Clients are used to access Oystehr APIs from scripts and server-side code like Zambda Functions.
Actor | Can log into the Oystehr Developer Console | Can log into your Oystehr Applications | Is a Person | Authenticates with OAuth 2.0 Authorization Code Flow | Authenticates with OAuth 2.0 Client Credentials Flow |
---|---|---|---|---|---|
Developer | ✅ | ✅ | ✅ | ||
User | ✅ | ✅ | ✅ | ||
M2M Client | ✅ |
- Learn how to authenticate as a Developer.
- Learn how to authenticate as a User.
- Learn how to authenticate as an M2M Client.
FHIR Profile
Terminology: FHIR Profile
Every Actor has a FHIR resource that represents them in the FHIR store which is called their "FHIR Profile". The Actor's FHIR Profile serves a few purposes:
- The FHIR Profile documents the existence of the Actor in the FHIR store with an appropriate FHIR resource. You can fill out as much of the information in this resource as suits your use case.
- When the Actor creates a FHIR resource, Oystehr automatically creates a FHIR Provenance record that credits the actor's FHIR Profile in Provenance.agent.who (opens in a new tab).
- The Oystehr Messaging and Telemedicine Services grant Actors access to Conversations and Video Rooms based on the Actors' FHIR Profile being recorded in Encounter.participant.actor (opens in a new tab).
Disambiguation: Do not confuse an Actor's FHIR profile with FHIR profiling (opens in a new tab).
Default Actor FHIR Profile Resource Types
Actor | FHIR Resource |
---|---|
Developer | Practitioner |
User | Patient, Practitioner |
M2M Client | Device |
Updating a User or M2M Client's FHIR Profile
While the default User profile works great for many use cases, you may wish to give a User or M2M Client a FHIR Profile that is different from the one that is created and assigned by default.
Example cases:
- You may have a FHIR Patient resource that represents a patient before they first authenticate and have a User in the system.
- You may wish to replace a User's FHIR Profile resource in the event you have duplicate Patient resources in the system and do a merge.
- You may wish to emulate Users using M2M Clients in automated tests.
The User (opens in a new tab) and M2M Client (opens in a new tab) update endpoints allow for replacing the FHIR Profile with a different FHIR Patient, Practitioner, or Device resource.
When you replace an Actor's FHIR Profile with a different resource, any audit trail FHIR resources tied to their previous FHIR Profile resource become unattached from the Actor. You may wish to search and patch related Provenance (opens in a new tab) and AuditEvent (opens in a new tab) resources at the time you associate the new FHIR Profile depending on your use case.