Stream: smart
Topic: response_types_supported values
Jenni Syed (Jun 16 2020 at 19:18):
Looking at the conformance doc: http://www.hl7.org/fhir/smart-app-launch/conformance/index.html#sample-response
the response_types_supported states:
response_types_supported: RECOMMENDED, array of OAuth2 response_type values that are supported
Is there any subset of defined values that is pulled from? EG: from the example:
"response_types_supported": ["code", "code id_token", "id_token", "refresh_token"],
I know code is part of OAuth 2 base, code id_token, and id_token are from OpenID Connect. Where is refresh_token from?
Jenni Syed (Jun 16 2020 at 19:20):
And it doesn't look like there's one called out in the backend services spec: https://hl7.org/fhir/uv/bulkdata/authorization/index.html
Josh Mandel (Jun 16 2020 at 19:34):
This would be a great area to clarify in the app launch spec. I don't think refresh_token makes any sense here (looks at first glance like an error). The other types are defined in OIDC and we'd have the same requirements as OIDC.
With respect to back-end services, I don't think the response_type parameter would be relevant because it is a parameter to the authorize endpoint, and the authorize endpoint is not involved in back-end services -- so I think we are okay on that front, unless I'm missing something.
Jenni Syed (Jun 16 2020 at 19:36):
Ah, true :)
Jenni Syed (Jun 16 2020 at 19:36):
I'll log a jira
Jenni Syed (Jun 16 2020 at 19:50):
Last updated: Apr 12 2022 at 19:14 UTC