FHIR Chat · introspection · smart

Stream: smart

Topic: introspection

view this post on Zulip Isaac Vetter (Mar 10 2020 at 04:19):

Now that OAuth2 introspect is required in the US, SMART should describe how it should work. This could be a small project.

view this post on Zulip Josh Mandel (Mar 10 2020 at 15:16):

Agreed -- I'm hoping vendors who have already implemented support for token introspection can share some details here (ideally by linking to public docs ;-))

view this post on Zulip Josh Mandel (Mar 10 2020 at 15:18):

We might even talk about whether, while we've got the SMART v2 pen out, we might take this on in Argonaut (i.e., we're already planning to update the spec; easier to run one ballot for SMART v2, and so on)

view this post on Zulip Isaac Vetter (Mar 10 2020 at 19:07):

Here's Epic's publically available introspect documentation: https://uscdi.epic.com/Specifications?api=488 I think that it would be valuable to draw on other health it developers' experience as well.

view this post on Zulip Isaac Vetter (Mar 10 2020 at 19:07):

Josh - are you sure that scopesv2 isn't a big enough project?!? (Given the complexity, I'm excited and worried about designing something elegant, implementable and satisfactory. )

view this post on Zulip Josh Mandel (Mar 10 2020 at 22:28):

Well, I think scopes-v2 is an unsolvable problem, depending on how we set our goals :-) The devil is in, ahem, scoping that project.

view this post on Zulip Josh Mandel (Mar 10 2020 at 22:29):

But yeah, if we were going to add Token Introspection in our "Project 4" slot, I think we'd want to make a single editorial/balloting push at the end, to bring all the "SMART v2" changes through in one pass.

view this post on Zulip Josh Mandel (Mar 10 2020 at 22:32):

For the Epic service, can you comment on how "JTI" is used? Are your access tokens actually JWTs?

view this post on Zulip Isaac Vetter (Mar 11 2020 at 01:30):

add Token Introspection in our "Project 4" slot

Oh -- awkward. I thought that it'd already been decided that FHIRcast was really the future and this SMART stuff is just a fad ...

view this post on Zulip Josh Mandel (Mar 11 2020 at 01:31):

;-) show me the regs

view this post on Zulip Jenni Syed (Mar 12 2020 at 00:03):

I don't have public doc, but we follow the introspection RFC: https://tools.ietf.org/html/rfc7662

view this post on Zulip Josh Mandel (Mar 12 2020 at 00:29):

Do you include context from the SMART launch, like a patient id?

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -