Stream: implementers
Topic: smart authorization
Rob Resendez (May 27 2020 at 19:32):
Is this an appropriate place to discuss smart?
Looking for a bit of banter...
I currently have a different fhir "base url" per tenant. different authorization requirements for patient vs ehr-user seems to make it necessary to have _two_ base urls per tenant. Sure would be fantastic if the spec supported multiple "security metadatas" instead of one (eg: user vs system vs patient) -- for cases like mine where there is just one resource server, but multiple authorization endpoints.
I am also trying to support dynamic registration. I'm having trouble navigating this... it seems that the idea is that the client finds out about the auth server via the metadata / well-known endpoints. How did the client find out about those endpoints??
Curious if others have one client registration that works among its tenants, or are client credentials managed on a per tenant basis?
Lloyd McKenzie (May 27 2020 at 19:35):
Best place is #smart
Rob Resendez (May 27 2020 at 19:43):
thanks
Last updated: Apr 12 2022 at 19:14 UTC
