    Details

    • Type: Change Request
    • Status: Published
    • Priority: Highest
    • Resolution: Persuasive
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      2.0.0
    • Work Group:
      FHIR Infrastructure
    • Outstanding Negatives:
      STU
    • Related Page(s):
      Overview
    • Grouping:
    • Resolution Description:
      Update: Apps SHALL generate an unpredictable state parameter for each user session. An app SHALL validate the state value for any request sent to its redirect URL; include state with all authorization requests; and validate the state value included in access tokens it receives.

       

      To read: Apps SHALL generate an unpredictable state parameter for each user session; SHALL include state with all authorization requests; and SHALL validate the state value for any request sent to its redirect URL.
    • Resolution Vote:
      Gino Canessa/Yunwei Wang: 13-0-0
    • Change Category:
      Correction
    • Change Impact:
      Non-substantive

      Description

      • Apps SHALL generate an unpredictable state parameter for each user session. An app SHALL validate the state value for any request sent to its redirect URL; include state with all authorization requests; and validate the state value included in access tokens it receives.

      Access tokens are opaque; how does one validate the state value?
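
One way an app can meet the resolved wording, added here as an example and not taken from the ticket or the SMART specification: the `state` returned to the redirect URL is compared with the value stored for the user's session, so nothing is read out of the access token. The endpoint, FHIR base URL, client ID, redirect URI, function names and the `session` dict (standing in for the app's per-user session store) are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not from the ticket.
AUTHORIZE_URL = "https://ehr.example.org/authorize"
FHIR_BASE = "https://ehr.example.org/fhir"
CLIENT_ID = "example-app"
REDIRECT_URI = "https://app.example.org/callback"


def begin_authorization(session: dict, scope: str = "launch/patient openid") -> str:
    """Generate an unpredictable state for this session and include it in the request."""
    state = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG, URL-safe text
    session["oauth_state"] = state     # remembered per user session, never derived
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "aud": FHIR_BASE,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_redirect(session: dict, redirect_url: str) -> str:
    """Validate state on any request to the redirect URL; return the code if it matches."""
    params = parse_qs(urlparse(redirect_url).query)
    # pop() makes the value single use: a replayed redirect finds nothing to match.
    expected = session.pop("oauth_state", None)
    received = params.get("state", [])
    if expected is None or len(received) != 1:
        raise PermissionError("state missing or no authorization in progress")
    # Constant-time comparison of the stored and returned values.
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise PermissionError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("authorization code missing")
    return codes[0]
```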

              People

              Assignee:
              carl-anderson-msft Carl Anderson
              Reporter:
              bvdh Bas van den Heuvel
              Watchers:
              2