Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-32371

Adoption of SMART PKCE requirement

    XMLWordPrintableJSON

    Details

    • Type: Comment
    • Status: Resolved - No Change (View Workflow)
    • Priority: Highest
    • Resolution: Considered - No action required
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      current
    • Work Group:
      FHIR Infrastructure
    • Related Page(s):
      Overview
    • Related Section(s):
      1.0.2.3
    • Grouping:
    • Resolution Description:
      Hide

      We agree this is important; the spec calls out PKCE as a requirement for public clients in SMARTv2, so there should be no further change needed.

      Show
      We agree this is important; the spec calls out PKCE as a requirement for public clients in SMARTv2, so there should be no further change needed.

      Description

      VA production FHIR R4 API currently requires PKCE for public clients that cannot keep a secret. It is a high priority for VA to have this new SMART PKCE requirement adopted so that it is widely supported by application developers. See https://developer.va.gov/explore/authorization?api=fhir

      (Comment 1 - imported by: Vannak Kann)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              dcarlson Dave Carlson
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: