Integrating Gemini with Haste Health
This guide provides step-by-step instructions for integrating Google Gemini with your Haste Health platform using the Model Context Protocol (MCP). Gemini can access your FHIR data through OAuth authentication, enabling AI-powered healthcare applications.
Overview
Gemini integration with Haste Health involves:
- Registering a ClientApplication - Create OAuth credentials for Gemini
- Installing Gemini Desktop App - Set up the Gemini application
- Configuring MCP Server - Connect Gemini to Haste Health via MCP with OAuth
Prerequisites
Before you begin, ensure you have:
- ✅ A Haste Health account with admin access
- ✅ Access to create ClientApplication resources
- ✅ Your tenant and project identifiers
- ✅ Gemini installed
npm install -g @google/gemini-cli
Step 1: Register a ClientApplication
First, create an OAuth client that Gemini will use to authenticate with Haste Health.
Admin App:
- Navigate to Security/ClientApplications in your Haste Health Admin App
- Click New
- Configure the following settings:
| Field | Value | Description |
|---|---|---|
| Name | Gemini | Human-readable name |
| Grant Types | authorization_code and refresh_token | Machine-to-machine authentication |
| Response Types | token | OAuth response type |
| Scope | openid profile email offline_access user/*.* | Access level (read-only or full access) |
| Redirect URIs | http://localhost:7777/oauth/callback | Redirect URI for OAuth flow |
Note that the redirect URI should be http://localhost:7777/oauth/callback per Gemini documentation.
- Click Actions/Create
- ⚠️ Important: Copy and save the generated id for later use.
CLI:
Create the ClientApplication using the Haste Health CLI:
haste-health api create ClientApplication '{
  "resourceType": "ClientApplication",
  "name": "Gemini",
  "grantType": [
    "authorization_code",
    "refresh_token"
  ],
  "responseTypes": "token",
  "redirectUri": [
    "http://localhost:7777/oauth/callback"
  ],
  "scope": "openid profile email offline_access user/*.*"
}'
Response:
{
  "resourceType": "ClientApplication",
  "id": "generated-id",
  "name": "Gemini",
  "grantType": [
    "authorization_code",
    "refresh_token"
  ],
  "responseTypes": "token",
  "redirectUri": [
    "http://localhost:7777/oauth/callback"
  ],
  "scope": "openid profile email offline_access user/*.*"
}
Scope Configuration
Choose appropriate scopes based on what Gemini needs to access:
Read-Only Access (Recommended for most cases):
"scope": "user/*.read"
Specific Resource Types:
"scope": "user/Patient.read user/Observation.read user/Condition.read"
Full Access (Use with caution):
"scope": "user/*.*"
For more information, see Scopes documentation.
Step 2: Install Gemini CLI
- Run npm install -g @google/gemini-cli to install the Gemini CLI.
Step 3: Configure Gemini
Open Home/.gemini/settings.json and add a new MCP server configuration. The client ID is the id returned in Step 1.
"mcpServers": {
  "haste-health": {
    "httpUrl": "https://api.haste.health/w/ohio-health/5nst9f43/api/v1/mcp",
    "authProviderType": "dynamic_discovery",
    "targetAudience": "lir9o7yvzv80yr0dm20pbxz26-",
    "oauth": {
      "clientId": "lir9o7yvzv80yr0dm20pbxz26-",
      "enabled": true,
      "scopes": ["openid profile email user/*.*"],
      "audiences": ["lir9o7yvzv80yr0dm20pbxz26-"],
      "redirectUri": "http://localhost:7777/oauth/callback"
    }
  }
}
Step 4: Authenticate Gemini with Haste Health
Run the following to open up Gemini in your terminal:
OAUTH_CALLBACK_PORT=7777 gemini
Note: OAUTH_CALLBACK_PORT must be set to match the port in the configuration. This is due to a bug in gemini-cli; see the following issue.
Then run the following command:
/mcp auth haste-health
This will open a browser window prompting you to log in to Haste Health and authorize Gemini. After successful authentication, Gemini will receive an OAuth token to access your Haste Health data.
Step 5: Test the Integration
Test that Gemini can access your Haste Health data:
Example Prompts
Search for Observations:
Find all blood pressure observations from the last 30 days
Query Patient Data:
Get patient demographics for Buddy.
Analyze Conditions:
List all patients with diabetes and their latest HbA1c readings
Troubleshooting
Common Issues
1. "Invalid Client" Error
Symptom: Gemini cannot authenticate with Haste Health
Solutions:
- ✅ Verify the client_id matches the ClientApplication ID exactly
- ✅ Check that the ClientApplication exists:
haste-health api read ClientApplication gemini
- ✅ Ensure the ClientApplication has authorization_code and refresh_token grant types.
2. "Insufficient Scope" Error
Symptom: Authentication works but data access fails
Solutions:
- ✅ Check the scope field in your ClientApplication resource
- ✅ Ensure requested scopes match what's configured in the ClientApplication
- ✅ Verify access policies grant permissions to your given user.
- ✅ Update scopes:
haste-health api update r4 ClientApplication gemini --data '{ "scope": "system/*.*" }'
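The client ID, redirect URI, callback port and scope checks from issues 1 and 2 can be run offline against the Step 1 ClientApplication and the Step 3 settings entry before authenticating. The Python below is an added example, not Haste Health or Gemini code: the function names and sample values are constructed, and the wildcard matching assumes SMART-style context/Resource.permission scopes.

```python
from urllib.parse import urlparse

def covers(granted, wanted):
    """True if a registered scope covers a requested one.
    Assumption: SMART-style context/Resource.permission with '*' wildcards."""
    if granted == wanted:
        return True
    if "/" not in granted or "/" not in wanted:
        return False  # openid, profile, email, ... must match exactly
    g_ctx, g_rest = granted.split("/", 1)
    w_ctx, w_rest = wanted.split("/", 1)
    g_res, _, g_perm = g_rest.partition(".")
    w_res, _, w_perm = w_rest.partition(".")
    return g_ctx == w_ctx and g_res in ("*", w_res) and g_perm in ("*", w_perm)

def preflight(client_app, server, callback_port):
    """Compare the Step 1 ClientApplication with the Step 3 mcpServers entry."""
    findings, oauth = [], server["oauth"]
    if oauth["clientId"] != client_app["id"]:
        findings.append("clientId does not match ClientApplication id")
    if oauth["redirectUri"] not in client_app["redirectUri"]:
        findings.append("redirectUri is not registered on the ClientApplication")
    uri = urlparse(oauth["redirectUri"])
    if uri.hostname not in ("localhost", "127.0.0.1"):
        findings.append("redirectUri is not a loopback address")
    if uri.port != callback_port:
        findings.append("OAUTH_CALLBACK_PORT does not match redirectUri port")
    registered = client_app["scope"].split()
    for scope in " ".join(oauth["scopes"]).split():
        if not any(covers(g, scope) for g in registered):
            findings.append(f"scope not registered: {scope}")
        if scope.endswith("/*.*"):
            findings.append(f"full-access scope requested: {scope}")
    return findings

# Constructed sample data: read-only registration, settings.json asking for more.
SAMPLE_APP = {
    "id": "example-client-id",
    "redirectUri": ["http://localhost:7777/oauth/callback"],
    "scope": "openid profile email offline_access user/*.read",
}
SAMPLE_SERVER = {"oauth": {
    "clientId": "example-client-id",
    "scopes": ["openid profile email user/*.*"],
    "redirectUri": "http://localhost:7777/oauth/callback",
}}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_APP, SAMPLE_SERVER, 7777):
        print("FINDING:", finding)
```

An empty result means the two configurations agree; each finding names the field to correct in either the ClientApplication or settings.json.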
Enable Debug Logging
To enable detailed logging for troubleshooting, run Gemini with the --debug flag.
Related Resources
- Model Context Protocol Specification
- Client Registration - Complete ClientApplication documentation
- OAuth 2.0 Authorization codes - Authentication code grant details
- OAuth 2.0 Refresh tokens - Refresh token grant details
- Scopes - OAuth scope configuration
- Model Context Protocol - MCP overview and setup
- FHIR API Documentation - Available FHIR operations
Support
For issues or questions:
- Check the Troubleshooting section above
- Review Gemini logs for error details
- Verify your ClientApplication configuration
- Test OAuth authentication manually
- File an issue on the Haste Health GitHub repository