Details
- Change Request
- Resolution: Persuasive
- Medium
- SMART on FHIR (FHIR)
- 1.0 [deprecated]
- FHIR Infrastructure
- (many)
- Rick Geimer / Michael Donnelly: 34-0-1
- Enhancement
- Compatible, substantive
- Yes
Description
With feedback from implementers convened in last year's "Granular Scopes" Argonaut project, we've identified areas for enhancements and clarifications to the SMART App Launch specification.
- clarification on launch context scopes for consistency
- new scope syntax for granular permissions (e.g., category level access)
- POST-based authorization to limit URL size
- addition of PKCE to authorization requirements to support OAuth best practices
- addition of asymmetric client authentication
- profiling on token introspection for alignment with context scopes
- guidance for permission requests and communicating them to end users
- updates to .well-known/smart-configuration to support the enhancements above
Issue Links
- relates to
  - FHIR-30583 clarification on launch context scopes for consistency (Published)
  - FHIR-30586 new scope syntax for granular permissions (e.g., category level access) (Published)
  - FHIR-30588 POST-based authorization to limit URL size (Published)
  - FHIR-30589 addition of PKCE to authorization requirements to support OAuth best practices (Published)
  - FHIR-30590 addition of asymmetric client authentication (Published)
  - FHIR-30591 profiling on token introspection for alignment with context scopes (Published)
  - FHIR-30592 guidance for permission requests and communicating them to end users (Published)
  - FHIR-30593 updates to .well-known/smart-configuration to support the enhancements above (Published)