Details
- Change Request
- Resolution: Not Persuasive
- Medium
- SMART on FHIR (FHIR)
- current
- FHIR Infrastructure
- STU
- (many)
- Gino Canessa/Yunwei Wang: 13-0-0
Description
The new version of the SMART specification appears to add features that bring it in closer alignment with the OAuth 2.1 specification (in particular, PKCE and the addition of support for HTTP POST at the authorization resource). If there is an intent to formally align this specification with OAuth 2.1, we would also formally recommend other changes incorporated in the OAuth 2.1 specification. These include:
- Strict redirect_uri comparison per 4.1.1.1 [1]
- Refresh token rotation required for public client applications (or protection via a chosen cryptographic binding method; rotation seems most immediately accessible) per 6.1 [2]
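The two OAuth 2.1 behaviours recommended above, as an added illustration of how an authorization server would apply them (this is not code from the SMART App Launch IG or from HL7). It assumes registered redirect URIs are held as a plain list of strings and keeps only the loopback-port relaxation OAuth 2.1 retains for native apps; all token values are constructed in-process.

```python
from urllib.parse import urlsplit
import secrets


def redirect_uri_allowed(requested: str, registered: list) -> bool:
    """Strict redirect_uri check (OAuth 2.1 sec. 4.1.1.1): the requested value
    must equal a registered value as a plain string; no prefix, substring or
    host-only matching. The only relaxation kept is that a registered loopback
    redirect (http://127.0.0.1/... or http://[::1]/...) may be presented with
    any port, because native apps bind an ephemeral port at launch time."""
    if requested in registered:
        return True
    req = urlsplit(requested)
    if req.scheme != "http" or req.hostname not in ("127.0.0.1", "::1"):
        return False
    for reg in registered:
        r = urlsplit(reg)
        if (r.scheme, r.hostname, r.path, r.query) == ("http", req.hostname, req.path, req.query):
            return True
    return False


class RefreshTokenStore:
    """Refresh token rotation for public clients (OAuth 2.1 sec. 6.1): every
    refresh issues a new token and retires the presented one. Presenting a
    retired token again is treated as evidence the token leaked, and the whole
    token family (original grant plus all rotations) is revoked."""

    def __init__(self):
        self._active = {}   # token -> family id
        self._retired = {}  # token -> family id (already rotated away)

    def issue(self, family: str = None) -> str:
        token = secrets.token_urlsafe(32)
        self._active[token] = family or secrets.token_hex(8)
        return token

    def rotate(self, presented: str):
        """Return a replacement token, or None if the presented token is not
        acceptable (unknown, or a replay that has revoked its family)."""
        family = self._active.pop(presented, None)
        if family is not None:
            self._retired[presented] = family
            return self.issue(family)
        family = self._retired.get(presented)
        if family is not None:
            # Replay of a retired token: drop every still-active token in the family.
            for tok in [t for t, f in self._active.items() if f == family]:
                del self._active[tok]
        return None
```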
Attachments
Issue Links
- is voted on by
  - BALLOT-17372 Negative - Jenni Syed : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17381 Negative - Hans Buitendijk : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17796 Negative - Doug Pratt : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)