locked
PPE re-authorization RRS feed

  • Question

  • How can a Health Vault account holder re-authorize the use of an application?

    The https://account.healthvault-ppe.com/programs link returns a 'Page not found' error when the account holder logs in. Through testing, the account was de-activated for use with our app. Now, this account cannot be used to log into our app (HealthServiceException - The person has no records that are authorized with the "self" relationship.)

    Thanks,

    Ken J.
    Tuesday, June 2, 2009 6:47 PM

Answers

  • It sounds like your application isn't handling that state properly (where a user has removed auth).  Your application logic needs to catch the error when you no longer have authorization for an account/record, and handle it appropriately.  One way to handle this is to redirect users back to the application authorization workflow on HealthVault using the Shell redirect mechanism.

    See more on the shell redirect interface here:

    http://msdn.microsoft.com/en-us/healthvault/cc265056.aspx
    Tuesday, June 2, 2009 9:40 PM

All replies

  • It sounds like your application isn't handling that state properly (where a user has removed auth).  Your application logic needs to catch the error when you no longer have authorization for an account/record, and handle it appropriately.  One way to handle this is to redirect users back to the application authorization workflow on HealthVault using the Shell redirect mechanism.

    See more on the shell redirect interface here:

    http://msdn.microsoft.com/en-us/healthvault/cc265056.aspx
    Tuesday, June 2, 2009 9:40 PM
  • Thanks Lowell.

    As it turns out, the test account we were using had multiple members - and one of them still had access granted to our app. That's the part that confused me as I thought ALL access to our app had been removed. But, it pointed out another flaw - we cannot assume all health records are always available and need to handle those exceptions.

    Ken J.
    Wednesday, June 3, 2009 3:26 PM
  • *nods* ah, that makes total sense.  The account/record relationship can be tricky, and while adding flexibility definitely increases some complexity in the application logic side of things.

    Apologies that our docs weren't more clear and obvious about handling this state-- glad to hear things are working better now!
    Wednesday, June 3, 2009 5:12 PM
  • I do have a follow up question:

    Suppose an account (in this case the HV user has 3 sets of records, himself, spouse and child) de-authorized access to our app inadvertantly for the child.

    Our PersonInfo AuthorizedRecords has a count of 2.

    How can the custodian re-authorize that record to use our application without removing access to ALL records and then using our app (which re-directs back to the Shell for authorization)???

    Ken J.
    Wednesday, June 3, 2009 8:49 PM