FHIR Chat · SMART on FHIR OAuth2 Scopes · implementers

Stream: implementers

Topic: SMART on FHIR OAuth2 Scopes


Dylan Mahalingam (Jul 20 2017 at 12:09):

Hi all. I am having an issue with SMART on FHIR and scopes for OAuth2. I need to do some testing of OAuth2 scope functionality with my app, and I've been primarily using the HSPC Sandbox.

To my understanding, the scope "launch openid profile patient/*.read" should be giving me access to all of the resources attached to the chosen Patient resource. However, I believe that the scope "launch" should launch my app but not allow me any access to resources attached to the Patient resource. It seems, though, that when I only provide "launch" as a scope, my app is still given full access permissions to these resources. Is my understanding of the scopes correct? If so, does that mean the HSPC Sandbox defaults to giving full access permissions?

I am looking for a way to force the test server to not give me access, so that I can test certain functionality of my app. If my understanding of scopes is correct, does anyone know how to override the default scopes in the HSPC Sandbox, if possible? If my understanding of scopes is incorrect, could someone help to correct my understanding?

Thank you!

Grahame Grieve (Jul 25 2017 at 08:00):

I see no one responded to this - did you try the smart forum?


Last updated: Apr 12 2022 at 19:14 UTC