Stream: smart
Topic: Must fhirUser be a URL to a FHIR-conformant service?
Robert Scanlon (Jun 24 2020 at 20:30):
The spec says "To learn more about the user, the app should treat the fhirUser claim as the URL of a FHIR resource representing the current user". Does that URL have to be served by a FHIR-conformant service? For example, can fhirUser point to http://example.com/profile/[username].json and return a valid Person/Patient/etc resource, or is the expectation that fhirUser be of the form http://example.com/Person/[id]?
Isaac Vetter (Jun 26 2020 at 17:48):
Robert, my read was that it should point to <FHIR server>/[Practitioner|Patient|RelatedPerson|Person]/[id], and that's the straightforward expectation, but I don't know that it's the only valid interpretation. Would you require authentication with the access token received alongside the id_token?
Robert Scanlon (Aug 31 2020 at 15:54):
@Isaac Vetter -- thanks for the response, I somehow missed it until now. Allowing other interpretations, and not requiring support for using the access token granted alongside the id_token, would be problematic from a client perspective. They'd have to be prepared to write vendor/product/version specific code to get access to this fhir resource.
Last updated: Apr 12 2022 at 19:14 UTC
