Details
-
Change Request
-
Resolution: Unresolved
-
Medium
-
US UDAP Security (FHIR)
-
1.0.0
-
Security
-
Discovery
-
2.2
Description
The field "udap_authorization_extensions_required" says "Authorization Extension Objects required by the Authorization Server in every token request", but if the server supports both authorization_code and client_credentials, then the hl7-b2b extensions will not be required in every token request, only the B2B requests, thus "hl7-b2b" should not be specified here.
Is the intent of this metadata field to specify required extensions on every token request, or only client credentials token requests?
Attachments
Issue Links
- mentioned in
-
Page Loading...