FHIR Specification Feedback / FHIR-40022

Clarify if backend services only support up to 5 minute authorization

Details

    • Change Request
    • Resolution: Persuasive
    • Highest
    • SMART on FHIR (FHIR)
    • 2.0.0
    • FHIR Infrastructure
    • (NA)
    • After "Access tokens issued under this profile SHALL be short-lived; the expires_in value SHOULD NOT exceed 300, which represents an expiration-time of five minutes.", add a sentence stating "To establish longer-term access, clients can request new access tokens as needed."
    • Bas van den Heuvel / Yunwei Wang: 13-0-0
    • Clarification
    • Non-substantive

    Description

      If we combine this statement with the statement in section 7.0.7.2.4 that "expires_in should not exceed 300", it becomes unclear how to support long-lived server-to-server connections.

      Please add discussion of maintaining authorization over an extended time.

      Existing Wording:

      Refresh tokens SHOULD NOT be issued

      (Comment 38 - imported by: Ron G. Parker)
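
The resolution's sentence "clients can request new access tokens as needed" in practice, as an added example that is not part of this issue or of the SMART specification: a token manager that keeps a backend client authorized through a long job by requesting a new access token shortly before the cached one expires, never storing a refresh token. `BackendTokenManager`, `request_token`, `simulate_job` and the 30-second renewal margin are assumptions of this example; the token endpoint and clock are constructed so it runs offline.

```python
import time

MAX_EXPIRES_IN = 300  # seconds; the "SHOULD NOT exceed 300" limit quoted in this issue


class BackendTokenManager:
    """Re-requests a short-lived access token when the cached one nears expiry."""

    def __init__(self, request_token, clock=time.monotonic, skew=30):
        # request_token (hypothetical): callable that performs the token request
        # (in SMART Backend Services, a client_credentials grant authenticated
        # by a signed JWT assertion) and returns the parsed JSON response.
        self._request_token, self._clock, self._skew = request_token, clock, skew
        self._token, self._renew_at = None, 0.0
        self.over_limit_responses = 0    # responses exceeding the 300 s guidance
        self.refresh_tokens_dropped = 0  # refresh tokens received and discarded

    def access_token(self):
        if self._token is None or self._clock() >= self._renew_at:
            self._renew()
        return self._token

    def _renew(self):
        resp = self._request_token()
        token, expires_in = resp.get("access_token"), resp.get("expires_in")
        if not token or type(expires_in) is not int or expires_in <= 0:
            raise ValueError("need access_token and a positive integer expires_in")
        if expires_in > MAX_EXPIRES_IN:
            self.over_limit_responses += 1
        if "refresh_token" in resp:
            # Renewal is always a new token request, so nothing long-lived is kept.
            self.refresh_tokens_dropped += 1
        # Choice made by this example: never rely on a token for more than 300 s.
        lifetime = min(expires_in, MAX_EXPIRES_IN)
        self._renew_at = self._clock() + lifetime - min(self._skew, lifetime / 2)
        self._token = token


def simulate_job(duration_s, step_s, expires_in, with_refresh=False):
    """Constructed demo: fake clock and fake token endpoint, no network."""
    now, issued = [0.0], []
    def fake_endpoint():
        issued.append(f"token-{len(issued) + 1}")
        resp = {"access_token": issued[-1], "token_type": "bearer", "expires_in": expires_in}
        return dict(resp, refresh_token="constructed") if with_refresh else resp
    mgr = BackendTokenManager(fake_endpoint, clock=lambda: now[0])
    while now[0] < duration_s:
        mgr.access_token()  # would go in the Authorization header of each FHIR call
        now[0] += step_s
    return len(issued), mgr
```

A 20-minute job polling every 10 seconds with `expires_in` of 300 makes five token requests in total; `over_limit_responses` gives operators a signal when a server hands out tokens longer-lived than the profile recommends.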

          People

            Unassigned
            Ron G. Parker