FHIR Chat · Introspection discussion · smart

Stream: smart

Topic: Introspection discussion


Bas van den Heuvel (Jan 12 2022 at 17:46):

In the Connectathon discussion we discussed a set of useful use cases:

  • Inspect expiration time of
    • Access token
    • Refresh token
  • App using multiple servers
    • Uses same token for both (how to detect whether this is possible?)
    • Exchanges token from one server for one that works on the other (allows for different scopes).
  • Server is accessed with access token for other server
    • Can it derive the scope/context (e.g. patient) of the access token?
    • Can it access data on the original server? If so, what approach to take? Use provided access token/backend-token/a new token retrieved using the previous two.

Are these the use cases we discussed or did I miss some?
These are all very valid and should be included in the spec.


Last updated: Apr 12 2022 at 19:14 UTC