Stream: smart
Topic: Access token format for SMART on FHIR & Cures Act
Sagar Shah (Jan 05 2021 at 17:43):
Are there any guidelines in terms of access token format in SMART on FHIR spec and 21st Century Cures Act. Can access token be just opaque or does it need to be JWT (Json web token). If JWT, does it need to have any fields at minimum within the access_token field? From this link as I hear (https://www.youtube.com/watch?v=ZK0AKB5PqGM&ab_channel=JoshMandel), there's no such concrete rule mandating access token format or the minimum set of fields to be part of access_token attribute itself. Is that a correct understanding?
Robert Scanlon (Jan 05 2021 at 17:58):
That is correct, ONC's Standardized API criteria does not impose any additional constraints on top of the SMART App Launch Framework regarding the format of the access token, and the SMART App Launch Framework considers the access token opaque.
Sagar Shah (Jan 05 2021 at 19:30):
Thank you @Robert Scanlon for clarifying exactly what I was looking for!
Last updated: Apr 12 2022 at 19:14 UTC
