Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-32216

openid and fhiruser usefull beyond end-user identity authentication

    XMLWordPrintableJSON

    Details

    • Type: Change Request
    • Status: Applied (View Workflow)
    • Priority: Highest
    • Resolution: Persuasive
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      2.0.0
    • Work Group:
      FHIR Infrastructure
    • Related Page(s):
      Overview
    • Related Section(s):
      1.6.1.1
    • Grouping:
    • Resolution Description:
      Hide

      Change: If the app needs to authenticate the identity of the end-user

       

      To say: If the app needs to authenticate the identify of or retrieve information about the end-user

      Show
      Change: If the app needs to authenticate the identity of the end-user   To say:  If the app needs to authenticate the identify of or retrieve information about the end-user
    • Resolution Vote:
      Gino Canessa/Yunwei Wang: 13-0-0
    • Change Category:
      Correction
    • Change Impact:
      Non-substantive

      Description

      If the app needs to authenticate the identity of the end-user, it should include two OpenID Connect scopes: openid and fhirUser. When these scopes are requested, and the request is granted, the app will receive an id_token along with the access token. For full details, see SMART launch context parameters.

      This information is not just for authentication, also for retrieving information on the end-user for use in its UI. Please revise the sentence.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              carl-anderson-msft Carl Anderson
              Reporter:
              bvdh Bas van den Heuvel
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Vote Date: