Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-43002

Require support for B2B extension for servers supporting client credentials

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Medium Medium
    • US UDAP Security (FHIR)
    • current
    • Security
    • Discovery
    • 2.2
    • Hide

      We will clarify in 5.2.1.1 that servers that support the b2b client_credentials flow must support the AEO in this section.

      Show
      We will clarify in 5.2.1.1 that servers that support the b2b client_credentials flow must support the AEO in this section.
    • Clarification
    • Non-substantive
    • current

    Description

      Currently, section 2.2 shows server support for the B2B extension as optional, in field udap_authorization_extensions_supported.

      Since section 5.2.1 conditionally requires the extension for clients using the client credentials flow, shouldn't support be conditionally required for servers supporting the client credentials flow as well?

      Attachments

        Activity

          People

            Unassigned Unassigned
            jlamy Joseph M. Lamy
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: