Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-27830

Clarify response_types_supported acceptable values

    XMLWordPrintableJSON

    Details

    • Type: Change Request
    • Status: Applied (View Workflow)
    • Priority: Medium
    • Resolution: Persuasive
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      1.0
    • Work Group:
      FHIR Infrastructure
    • Outstanding Negatives:
      STU
    • Related Page(s):
      (NA)
    • Related Section(s):
      4.2, 4.3
    • Grouping:
    • Resolution Description:
      Hide
      Show
      Remove "refresh_token" from the example list of "response_types_supported"  In the definition of this field, add : "implementers can refer to response_types defined in OAuth 2.0 ( https://datatracker.ietf.org/doc/html/rfc6749)  and in OIDC Core ( https://openid.net/specs/openid-connect-core-1_0.html#Authentication "
    • Resolution Vote:
      Gino Canessa/Yunwei Wang: 13-0-0
    • Change Category:
      Correction
    • Change Impact:
      Non-substantive

      Description

      In the SMART conformance doc: http://www.hl7.org/fhir/smart-app-launch/conformance/index.html#sample-response

      the resonse_types_supported states:

      response_types_supported: RECOMMENDED, array of OAuth2 response_type values that are supported

      Is there any subset of defined values that is pulled from? EG: from the example:

      "response_types_supported": ["code", "code id_token", "id_token", "refresh_token"],

      code is part of OAuth 2 base, code id_token, and id_token are from Openid Connect. 

      Action:

      refresh_token should be removed as it's not a grant response that I'm aware of (see also conversation on zulip [1]).

      Link to or define the acceptable set of values more formally vs the definition being primarily contained within examples as it is today. Proposed stater set would be the OpenId Connect and base OAuth 2 specifications (though SMART doesn't go much beyond the "code" grant type today - will we accept others here?).

       

       [1] https://chat.fhir.org/#narrow/stream/179170-smart/topic/response_types_supported.20values

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              carl-anderson-msft Carl Anderson
              Reporter:
              jenni_syed Jenni Syed
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Vote Date: