Stream: smart
Topic: fail auth
David Hay (Nov 04 2018 at 19:38):
What;'s the recommended action if a used fails the authorization step? the spec states "This decision is communicated to the app when the EHR authorization server returns an authorization code" - but not how the error is communicated... I imagine that the callback is still called (but with no code) - is there a standard way of indicating the error?
Pascal Pfiffner (Nov 04 2018 at 19:51):
The OAuth2 spec outlines the way errors are communicated back. Specifically, if the user denies authorization, the redirect URI should be called with an error key: https://tools.ietf.org/html/rfc6749#section-4.1.2.1
David Hay (Nov 04 2018 at 20:05):
Thanks!
Last updated: Apr 12 2022 at 19:14 UTC
