Stream: smart
Topic: Must Support Params During Error Status Redirect Callback
Josh Lamb (Jun 09 2021 at 00:23):
Hi,
I believe the “state” Param must be echoed back to the redirect url, even when an error occurs, but I do not see this documented anywhere. Is inclusion of the state Param required, as per SMART v1 IG, during the redirect? (E.g. like when the user does not know credentials or they deny access)
Josh Mandel (Jun 09 2021 at 01:52):
https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 documents requirements -- yes, when redirecting to communicate an error to the client, an error and state are required.
Last updated: Apr 12 2022 at 19:14 UTC
