FHIR Chat · CapabilityStatement URIs · smart

Stream: smart

Topic: CapabilityStatement URIs

view this post on Zulip Grahame Grieve (Oct 08 2018 at 20:37):

@Josh Mandel the page here http://www.hl7.org/fhir/smart-app-launch/capability-statement/ doesn't say whether the URIs are relative, absolute, or either. @Robert Scanlon

view this post on Zulip Grahame Grieve (Oct 09 2018 at 17:22):

.. no takers?

view this post on Zulip Robert Scanlon (Oct 10 2018 at 13:16):

If we leave it as is, I think we should expect some servers to put out relative URIs, as it seems like it is valid according to the SMART Conformance extensions. For those APIs that are integrating the FHIR and OAuth endpoints onto a single host (as it appears Grahame was doing, and what BlueButton 2 does), it is natural to just use relative URIs. I think that is likely to cause some apps to break in unexpected ways after they are released, as it did with the Inferno app.

view this post on Zulip Robert Scanlon (Oct 10 2018 at 13:22):

Note: Bluebutton 2 is on the same host (at least in the sandbox), but it still uses absolute URIs. Just pointing out that the pattern of having the AuthZ server on the same host as the FHIR endpoint may not be completely uncommon.

view this post on Zulip Robert Scanlon (Oct 10 2018 at 13:37):

Personally I think they should just be absolute. That may complicate servers slightly (if for some reason the host may change... like going from development -> production). But that seems better than than requiring every client to code in logic to basically do "http://example.com/v1/fhir/" + "../oauth/token" = "http://example.com/v1/oauth/token", etc. And whether or not you include that trailing slash on the FHIR endpoint might affect how the relative URI behaves. It just seems like it is going to cause issues. But I don't know if you can formally specify that in the extension, or if there is precedent for something like this.

view this post on Zulip Grahame Grieve (Oct 10 2018 at 16:54):

yes there's precedent for this. @Josh Mandel it's procedurally too late to rule on this, but could we add a recommendation to the version we're about to publish?

view this post on Zulip Josh Mandel (Oct 10 2018 at 19:57):

I also agree they should be an absolute URI. Agreed we should add a recommendation.

view this post on Zulip Grahame Grieve (Oct 10 2018 at 19:59):

make an issue on github?

view this post on Zulip Josh Mandel (Oct 10 2018 at 20:03):

https://github.com/HL7/smart-app-launch/pull/286

view this post on Zulip Dan Gottlieb (Oct 10 2018 at 20:10):

Not directly related, but do we want to restrict the profile/fhirUser claim in an OIDC id token in the same way? It seems like currently it could be either relative or absolute: http://build.fhir.org/ig/HL7/smart-app-launch/scopes-and-launch-context/index.html#scopes-for-requesting-identity-data .

view this post on Zulip Josh Mandel (Oct 10 2018 at 20:31):

I'm not as sure about this one.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -