Details
-
Change Request
-
Resolution: Persuasive with Modification
-
Highest
-
SMART on FHIR (FHIR)
-
2.0.0
-
FHIR Infrastructure
-
STU
-
App Launch: Scopes and Launch Context
-
2.2.10
-
-
Bas van den Heuvel / Alexander Zautke: 11-0-0
-
Clarification
-
Compatible, substantive
Description
For instance, imagine a FHIR server that today just exposes the Patient resource. The authorization server asking a patient to authorize a SMART app requesting patient/*.cruds should inform the user that they are being asked to grant this SMART app access to not just the currently accessible data about them (patient demographics), but also any additional data the FHIR server may be enhanced to expose in the future (eg, genetics).
In the case that user/*.cruds has been granted and the user is not allowed to access Condition resources. What will happen when the client accesses those resources? An error or an empty Bundle? I assume the latter. Throwing an error would not be in line with the granted scope.
Please clarify this in the specification.
As with any requested scope, the scopes ultimately granted by the authorization server may differ from the scopes requested by the client! When dealing with wildcard clinical scope requests, this is often true.
I would add an remark that the data provided is the data the user has access to and does not automatically include all data available in the server.
Attachments
Issue Links
- is voted on by
-
BALLOT-17347 Negative - Bas van den Heuvel : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
-
BALLOT-17698 Negative - Ana Kostadinovska : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
-
BALLOT-17760 Negative - Ricardo Quintano : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
-
BALLOT-17804 Negative - Timon Grob : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
-
BALLOT-17844 Negative - Chris Melo : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
-
BALLOT-17903 Negative - Javier Espina : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
- relates to
-
FHIR-32251 Wildcard scopes and writing
- Published