Tip
If you're using Microsoft Entra, see Dragon Copilot access token requirements using Microsoft Entra.
Authentication tokens generated by SDK partners must meet the following requirements:
- Must be in JSON web token (JWT) format conforming to RFC 7519.
- The issuer (iss) claim must uniquely identify the partner. It can also identify the Microsoft customer.
- If the issuer claim doesn't identify the partner and customer, an additional claim, ideally named http://customerid.dragon.com/, must identify the customer.
- The subject (sub) claim must identify the end user. The value of the subject (sub) claim must be mapped to a Microsoft user as an out of band process completed in the management console.
- JWT metadata must be available at /.well-known/openid-configuration
- The public portion of the signing keys must be available on the internet at /.well-known/jwks.json or specified in the openid-configuration via the jwks_uri property.
- The value of the audience (aud) claim must match the value required by the DAX streaming endpoint: https://streaming.daxcopilot.com.
Customizable access token claims
Some of the access token claims are customizable. As part of the onboarding process, you can share information on claims you would like to customize and we can configure those claims accordingly. Each of these claims is optional; you may choose to ignore or exclude these claims. If the claims aren't provided, Dragon Copilot looks for the default claim name.
| App config | Default claim name |
|---|---|
| OrgGuidClaim | http://customerid.dragon.com |
| UserEhrIdClaim | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
| UserEmailClaim | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| UserFirstNameClaim | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| UserLastNameClaim | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Sample tokens
Example 1: You send the customer ID; the user ID contains the Microsoft EHR ID.
```json
{
  "iss": "https://partner-app.test.com",
  "http://customerid.dragon.com": "11111111-2222-3333-4444-555555555555",
  "sub": "ehrId123",
  "aud": "https://streaming.daxcopilot.com",
  "nbf": 1726068177,
  "exp": 1726069977,
  "iat": 1726068177
}
```
Example 2: You include the customer ID in your custom claim and the user ID contains the Microsoft EHR ID. Make sure the custom claim name for the organization is configured in the EHR integration service.
```json
{
  "iss": "https://partner-app.test.com",
  "customerId": "11111111-2222-3333-4444-555555555555",
  "sub": "ehrId123",
  "aud": "https://streaming.daxcopilot.com",
  "nbf": 1726068177,
  "exp": 1726069977,
  "iat": 1726068177
}
```
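A pre-flight check a partner could run over a generated token against the claim requirements and sample payloads above. This is an added example, not Microsoft's code: `lint_token`, `sample_token` and the placeholder signature are assumptions, the signature is not verified (that needs the keys published via JWKS), and the exp/nbf checks follow RFC 7519 rather than anything this page states.

```python
import base64, json, time

AUDIENCE = "https://streaming.daxcopilot.com"       # aud value required by the page
DEFAULT_ORG_CLAIM = "http://customerid.dragon.com"  # default OrgGuidClaim name

def _decode(segment):
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def lint_token(token, org_claim=DEFAULT_ORG_CLAIM, iss_identifies_customer=False, now=None):
    """Return the list of requirement violations found (empty list: none).
    The signature is NOT verified here; that needs the partner's published JWKS."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none" or not parts[2]:
        problems.append("token is unsigned")
    for name in ("iss", "sub"):
        if not isinstance(claims.get(name), str) or not claims[name]:
            problems.append(f"{name} claim missing or empty")
    aud = claims.get("aud")  # RFC 7519 allows a single string or a list of strings
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match the streaming endpoint")
    if not iss_identifies_customer and not claims.get(org_claim):
        problems.append(f"customer claim {org_claim!r} missing")
    if "exp" in claims and not (isinstance(claims["exp"], (int, float)) and now < claims["exp"]):
        problems.append("exp is not a future NumericDate")
    if "nbf" in claims and not (isinstance(claims["nbf"], (int, float)) and now >= claims["nbf"]):
        problems.append("nbf is not a past NumericDate")
    return problems

def sample_token(claims, alg="RS256"):
    """Constructed test input: real header and payload, placeholder signature bytes."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"

if __name__ == "__main__":
    ex2 = {"iss": "https://partner-app.test.com", "customerId": "11111111-2222-3333-4444-555555555555",
           "sub": "ehrId123", "aud": AUDIENCE, "nbf": 1726068177, "exp": 1726069977, "iat": 1726068177}
    print(lint_token(sample_token(ex2), now=1726068200))  # custom claim name not configured
```

Passing `org_claim="customerId"` mirrors configuring the custom organization claim name from Example 2, and the same call then returns no violations.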