> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorized Apps

> View and manage third-party applications a patient has authorized to access their health information via FHIR consent.

The Authorized Apps screen displays a patient-scoped list of FHIR-consented third-party applications and their current access status at route `/pm/patients/:patientId/authorized-apps`.

## Overview

The page loads consents for the given `patientId` via `useAuthorizedApps`. Each row shows the app logo (or a phone placeholder), app name, an Active or Revoked badge, and the grant date from `granted_at`. A toggle switch labeled "Show revoked apps" (default off) passes `includeRevoked` to the hook to include revoked consents. Clicking **Manage** on any row opens `AppConsentSheet` to perform consent management actions. The empty state message reads: "When you connect a third-party app to your health record, it will appear here."

## Who it's for

Requires permission `PM_PERMISSIONS.FHIR_CONSENT_VIEW` (enforced via `RequirePermission` in the route definition).

## Before you start

* You need the `pm.fhir.consent.view` permission.
* Navigate here from a patient's detail page; the route requires a valid `patientId`.

## Steps

<Steps>
  <Step title="Open Authorized Apps for a patient">
    Navigate to `/pm/patients/:patientId/authorized-apps` for the relevant patient.
  </Step>

  <Step title="Review active consents">
    Each card shows app name, Active/Revoked status badge, and the date the consent was granted.
  </Step>

  <Step title="Show revoked apps (optional)">
    Toggle **Show revoked apps** to include previously revoked consents in the list.
  </Step>

  <Step title="Manage a consent">
    Click **Manage** on a consent row to open the AppConsentSheet for further actions.
  </Step>
</Steps>

## Key concepts

| Term                   | Meaning in code                                                                             |
| ---------------------- | ------------------------------------------------------------------------------------------- |
| `PatientAccessConsent` | Database row for a patient's consent to a third-party app                                   |
| `FhirAppRegistration`  | The registered app record with `app_name`, `app_type`, `logo_url`, `homepage_url`, `status` |
| `granted_at`           | Timestamp when the patient granted consent                                                  |
| `revoked_at`           | Timestamp when consent was revoked; non-null = Revoked badge                                |
| `includeRevoked`       | Query filter; toggled by the "Show revoked apps" switch                                     |

## Related

<Columns cols={2}>
  <Card title="Practice Management" icon="briefcase" href="/pm/overview">
    Practice Management core overview.
  </Card>

  <Card title="Governance & parity" icon="scale-balanced" href="/governance/index">
    Documentation coverage and governance.
  </Card>
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/pm.tsx
  * src/cores/pm/pages/AuthorizedAppsPage.tsx
  * src/cores/pm/hooks/useAuthorizedApps.ts
  * src/cores/pm/components/AppConsentSheet.tsx
</Accordion>
