Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-30578

Incorporate support for granular scopes and other improvements

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive
    • Icon: Medium Medium
    • SMART on FHIR (FHIR)
    • 1.0 [deprecated]
    • FHIR Infrastructure
    • (many)
    • Hide

      1. Merge the changes from this tracker item into SMART App Launch

      2. Create sub-items for each of the 8 bullets in the description, and approve them also

      Show
      1. Merge the changes from this tracker item into SMART App Launch 2. Create sub-items for each of the 8 bullets in the description, and approve them also
    • Rick Geimer / Michael Donnelly: 34-0-1
    • Enhancement
    • Compatible, substantive
    • Yes

    Description

      With feedback from implementers convened in last year's "Granular Scopes" Argonaut project, we've identified areas for enhancements and clarifications to the SMART App Launch specification.

      • clarification on launch context scopes for consistency
      • new scope syntax for granular permissions (e.g., category level access)
      • POST-based authorization to limit URL size
      • addition of PKCE to authorization requirements to support OAuth best practices
      • addition of asymmetric client authentication
      • profiling on token introspection for alignment with context scopes
      • guidance for permission requests and communicating them to end users
      • updates to .well-known/smart-configuration to support the enhancements above

      See WIP at http://build.fhir.org/ig/HL7/smart-app-launch/

      Attachments

        Activity

          People

            Unassigned Unassigned
            jmandel Josh Mandel
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: