FHIR Chat · smart on fhir scopes · cds hooks

Stream: cds hooks

Topic: smart on fhir scopes


Brian Postlethwaite (May 02 2018 at 23:14):

Wondering if conflicting scopes have been covered?
Specifically, if a user has these 2 scopes:
user/*.*
patient/*.read
Does this imply that any resource is accessible with read/write, except where a patient is involved in the resource, where only read is permitted?

Kevin Shekleton (May 03 2018 at 20:31):

@Brian Postlethwaite - Thanks for giving me another reason why we need to get rid of wildcard scopes. :-) Also, this is a SMART question (not exclusive to CDS Hooks).

Josh Mandel (May 03 2018 at 20:39):

Scopes are additive: since patient/*.read is a subset of user/*.*, this is equivalent to user/*.*.

Josh Mandel (May 03 2018 at 20:40):

@Kevin Shekleton This isn't a wildcard issue per se. You'd have the same question about user/Patient.read user/Patient.write patient/Patient.read.

Josh Mandel (May 03 2018 at 20:41):

And the guiding principle is: each scope can be treated/evaluated independently, and they're additive. This is by design in OAuth (although it's not a universally respected principle in all OAuth 2.0-based permission models).

Kevin Shekleton (May 03 2018 at 20:46):

@Josh Mandel - I agree, but wildcards make it much more muddy.

Brian Postlethwaite (May 03 2018 at 21:55):

(Yes, sorry for asking the SMART question in the cdshooks stream.)
But you have answered my question.


Last updated: Apr 12 2022 at 19:14 UTC