Other properties might be passed by the server
The access token issued by the authorization server
If you have requested openid and profile scopes the profile of
the active user will be available as client_id.
NOTE: Regardless of it's name, this property does not store an ID
but a token that also suggests the user type like Patient/123,
Practitioner/xyz etc.
If you have requested that require it (like launch or launch/encounter)
the selected encounter ID will be available here.
NOTE: This is not widely supported as of 2018.
Lifetime in seconds of the access token, after which the token SHALL NOT be accepted by the resource server
Authenticated patient identity and profile, if requested
If present, this tells the app that it is being rendered within an EHR frame and the UI outside that frame already displays the selected patient's name, age, gender etc. The app can decide to hide those details to prevent the UI from duplicated information.
If you have requested that require it (like launch or launch/patient)
the selected patient ID will be available here.
Token that can be used to obtain a new access token, using the same or a subset of the original authorization grants
Scope of access authorized. Note that this can be different from the scopes requested by the app.
This could be a public location of some style settings that the EHR would like to suggest. The app might look it up and optionally decide to apply some or all of it.
Fixed value: bearer
Generated using TypeDoc
The response object received from the token endpoint while trying to exchange the auth code for an access token. This object has a well-known base structure but the auth servers are free to augment it with additional properties.
http://docs.smarthealthit.org/authorization/