Details
- Change Request
- Resolution: Persuasive
- Medium
- SMART on FHIR (FHIR)
- 2.0.0
- FHIR Infrastructure
- STU
- Best Practices
- Gino Canessa/Yunwei Wang: 13-0-0
- Enhancement
- Non-substantive
Description
The non-normative best practices page should include the following:

Best practices for server developers include:
- Remind users which apps have offline access (keeping in mind that too many reminders lead to alert fatigue)
- Mitigate threats of compromised refresh tokens.
  - Expire an app's authorization if a refresh token is used more than once (see OAuth 2.1 section 6.1)
  - Consider offering clients a way to bind refresh tokens to asymmetric secrets managed in hardware
    - E.g., per-device dynamic client registration (see ongoing work on UDAP specifications)
    - E.g., techniques like the draft DPoP specification
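
A sketch of the "used more than once" rule above, added here as an illustration; it is not part of the change request or of the SMART specification. The class and method names and the in-memory storage are assumptions made for the example.

```python
import hashlib
import secrets


class ReusedRefreshToken(Exception):
    """Raised when a refresh token that was already redeemed is presented again."""


class RefreshTokenStore:
    """In-memory sketch: one-time-use refresh tokens, grouped per app authorization."""

    def __init__(self):
        self._tokens = {}       # sha256(token) -> {"grant": id, "used": bool}
        self._revoked = set()   # grant ids whose authorization has been expired

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked token table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, grant_id):
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {"grant": grant_id, "used": False}
        return token

    def redeem(self, token):
        """Exchange a refresh token for its successor, or expire the grant on reuse."""
        record = self._tokens.get(self._digest(token))
        if record is None or record["grant"] in self._revoked:
            raise PermissionError("invalid_grant")
        if record["used"]:
            # Second use: the server cannot tell the legitimate app from a
            # party holding a copied token, so the whole authorization is
            # expired, including the successor tokens already issued.
            self._revoked.add(record["grant"])
            raise ReusedRefreshToken(record["grant"])
        record["used"] = True
        return self.issue(record["grant"])

    def is_active(self, grant_id):
        return grant_id not in self._revoked
```

A production server would persist this state and make the used-flag update atomic, so two concurrent redemptions of the same token cannot both succeed.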
Issue Links
- is voted on by
  - BALLOT-17396 Negative - Josh Mandel : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Withdrawn)
  - BALLOT-17406 Negative - Christopher Schaut : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Withdrawn)
  - BALLOT-17409 Negative - Brett Marquard : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Withdrawn)
  - BALLOT-17880 Negative - Michael Clifton : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Withdrawn)
  - BALLOT-17400 Negative - Jenni Syed : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17424 Negative - Hans Buitendijk : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17735 Negative - Vassil Peytchev : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17790 Negative - Doug Pratt : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17833 Negative - Chris Courville : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17875 Negative - David Sundaram-Stukel : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-17892 Negative - Amit Popat : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)