Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-32219

Why not refer to OAuth2.1?

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Highest Highest
    • SMART on FHIR (FHIR)
    • current
    • FHIR Infrastructure
    • Overview
    • 16.1.3
    • Hide

      We refer to OAuth 2.0 and not OAuth 2.1 because OAuth 2.1 is still an early-stage draft.

       

      For consistency with other links to the OAuth spec, we will update:

      > as described in section 4.1.3 of RFC6749.

      To read:

      > as described in section 4.1.3 of RFC6749.

      Show
      We refer to OAuth 2.0 and not OAuth 2.1 because OAuth 2.1 is still an early-stage draft.   For consistency with other links to the OAuth spec, we will update: > as described in  section 4.1.3 of RFC6749 . To read: > as described in section 4.1.3 of RFC6749 .
    • Gino Canessa/Yunwei Wang: 13-0-0
    • Clarification
    • Non-substantive

    Description

      After obtaining an authorization code, the app trades the code for an access token via HTTP POST to the EHR authorization server's token endpoint URL, using content-type application/x-www-form-urlencoded, as described in section* 4.1.3 of RFC6749.*

      Suggest to refer to OAuth2.1 instead of deeplinking into OAuth2.1 requirements.

      Attachments

        Activity

          People

            carl-anderson-msft Carl Anderson (Inactive)
            bvdh Bas van den Heuvel
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: