Details
- Change Request
- Resolution: Persuasive
- Highest
- SMART on FHIR (FHIR)
- 2.0.0
- FHIR Infrastructure
- STU
- Overview
- 1.6.1.1
- Gino Canessa/Yunwei Wang: 13-0-0
- Clarification
- Non-substantive
Description
The app SHALL use an unpredictable value for the state parameter with at least 122 bits of entropy (e.g., a properly configured random uuid is suitable). The app SHALL validate the value of the state parameter upon return to the redirect URL and SHALL ensure that the state value is securely tied to the user's current session (e.g., by relating the state value to a session identifier issued by the app). *The app SHOULD limit the grants, scope, and period of time requested to the minimum necessary.*
This sentence does not seem to be related to the rest of the paragraph.
To what does this relate? The access token or the code? Neither is discussed in this section.
Please clarify
Issue Links
- is voted on by
  - BALLOT-17331 Negative - Bas van den Heuvel : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17711 Negative - Ana Kostadinovska : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17773 Negative - Ricardo Quintano : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17817 Negative - Timon Grob : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17857 Negative - Chris Melo : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17916 Negative - Javier Espina : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)