Stream: implementers
Topic: OAuth2 for "public client"?
John Silva (Jun 09 2021 at 18:02):
Is it possible to use a Postman (or curl) set of requests to be able to perform OAuth2 authentication for "public client" SMART on FHIR apps?
This RFC seems to imply that Basic auth can be used: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
[BTW, the Epic sandbox has sample patient data that seems to use username/password with OAuth2; not sure how to get it to work with Postman or if it's even possible. https://fhir.epic.com/Documentation?docId=testpatients ]
Michele Mottini (Jun 09 2021 at 18:04):
Not really - authentication requires entering credentials in a web page, not something you can do with curl.
Cooper Thompson (Jun 09 2021 at 18:16):
Postman has an OAuth2 auth helper that pops up an embedded browser for the login. But Michele is right about curl - that generally won't work.
John Silva (Jun 09 2021 at 18:19):
Thanks @Michele Mottini and @Cooper Thompson. I was mostly interested in Postman so I'll have to try that OAuth2 helper.
Last updated: Apr 12 2022 at 19:14 UTC