Skip to main content
Glama
wso2

FHIR MCP Server

by wso2
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

get_user

Retrieve the authenticated user's FHIR profile to access demographic and contact details for healthcare data integration.

Instructions

Retrieves the authenticated user's FHIR profile. Use this tool when you need to access the current user's demographic and contact details.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Implementation Reference

  • src/fhir_mcp_server/server.py:697-764 (handler)
    The 'get_user' tool implementation is defined as an MCP tool in 'server.py'. It authenticates the user, retrieves their FHIR resource using the ID token, and formats the result as a user profile.
    @mcp.tool(
    description=(
        "Retrieves the authenticated user's FHIR profile. "
        "Use this tool when you need to access the current user's demographic and contact details."
    )
)
async def get_user() -> Annotated[
    list[Dict[str, Any]] | Dict[str, Any],
    Field(
        description="A dictionary containing the authenticated user's demographic information such as 'id', 'name', and 'birthDate'."
    ),
]:
    try:
        logger.debug("Retrieving authenticated user's profile.")

        # Validate user authentication
        user_token = await get_user_access_token()
        if not user_token:
            logger.debug("Unauthorized access attempt to get_me endpoint.")
            return {}

        # Retrieve token metadata
        token_metadata = server_provider.token_metadata_mapping.get(
            user_token.access_token
        )
        if not token_metadata:
            logger.debug("Token metadata not found for authenticated user.")
            return {}

        # Extract ID token information
        id_token = token_metadata.get_id_token()
        if not id_token:
            logger.debug("ID token not found in token metadata.")
            return {}

        # Validate resource identifiers
        resource_id = id_token.resource_id
        resource_type = id_token.resource_type

        if not resource_id or not resource_type:
            logger.debug("Resource ID or type missing from ID token.")
            return {}

        logger.debug(f"Fetching FHIR resource: {resource_type}/{resource_id}")

        # Fetch user's FHIR resource
        client: AsyncFHIRClient = await get_async_fhir_client()
        resource: Dict[str, Any] = await client.get(
            resource_type_or_resource_or_ref=resource_type, id_or_ref=resource_id
        )

        # Build response with only available fields
        profile: Dict[str, Any] = build_user_profile(resource)

        logger.debug(
            f"Successfully retrieved profile for user: {resource_type}/{resource_id}"
        )
        return profile

    except ValueError as ex:
        logger.exception(
            "Authorization error occurred while reading user resource. Caused by, ",
            exc_info=ex,
        )
        return await get_operation_outcome(
            code="forbidden",
            diagnostics="The user does not have the rights to perform read operations.",
        )

Tool Definition Quality

A3.8/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It discloses that it retrieves the 'authenticated user's' profile, implying authentication requirements, and mentions 'demographic and contact details' as output content. However, it lacks details on error conditions, rate limits, or whether it's read-only/safe—critical for a tool with no annotations. This is adequate but has clear gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two concise sentences with zero waste: the first states the purpose, and the second provides usage guidelines. It's front-loaded with the core action and efficiently adds context without redundancy. Every sentence earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (simple retrieval), no annotations, no output schema, and 0 parameters, the description is minimally adequate. It covers the purpose and usage but lacks behavioral details like response format or error handling. For a tool with no structured fields to rely on, it should do more to be complete, but it meets the minimum viable threshold.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The tool has 0 parameters, and schema description coverage is 100% (empty schema). The description doesn't need to explain parameters, and it correctly avoids adding unnecessary details. A baseline of 4 is appropriate for zero-parameter tools, as there's no parameter semantics to cover beyond what the schema provides.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Retrieves the authenticated user's FHIR profile' (specific verb+resource). It adds context about accessing 'demographic and contact details,' which helps distinguish it from generic 'get' operations. However, it doesn't explicitly differentiate from sibling tools like 'read' or 'search,' which might also retrieve user data, preventing a perfect score.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear usage guidance: 'Use this tool when you need to access the current user's demographic and contact details.' This gives context for when to invoke it. However, it doesn't specify when NOT to use it or mention alternatives among sibling tools (e.g., 'read' might retrieve other users' profiles), so it falls short of a 5.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/wso2/fhir-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server