Stream: bulk data
Topic: Bulk Data "Advertising Server Conformance"
Yunwei Wang (Oct 16 2019 at 14:16):
https://build.fhir.org/ig/HL7/bulk-data/authorization/index.html#advertising-server-conformance-with-smart-backend-services
"A server MAY advertise its conformance with SMART Backend Services, by hosting a Well-Known Uniform Resource Identifiers (URIs) (RFC5785) JSON document as described at SMART App Launch Authorization Discovery. If advertising support, a server’s /.well-known/smart-configuration endpoint SHOULD include token_endpoint, scopes_supported, token_endpoint_auth_methods_supported (with values that include private_key_jwt), and token_endpoint_auth_signing_alg_values_supported"
The referenced "SMART App Launch Authorization Discovery" states that there are three REQUIRED metadata fields: authorization_endpoint, token_endpoint, and capabilities. Only token_endpoint is listed in "SHOULD include" in bulk data.
Does that mean the REQUIRED metadata in SMART IG is NOT required anymore in Bulk data IG?
@Dan Gottlieb
Josh Mandel (Oct 16 2019 at 18:38):
The SMART App Launch IG is for user-authorized apps, so the authorize end point is essential; this doesn't play a role in Backend Services (which connect directly to the token endpoint).
Josh Mandel (Oct 16 2019 at 18:39):
(Re: capabilities, we haven't defined any granular capabilities for the Backend Services discovery; this would be a good enhancement down the line.)
Yunwei Wang (Oct 16 2019 at 19:17):
In some way, we should clarify that Bulk Data discovery follows the Well-Known endpoint defined in "SMART App Launch Authorization Discovery" but not the metadata required in SMART App Launch.
Josh Mandel (Oct 18 2019 at 12:03):
Agreed; do you want to propose some language as part of the technical correction?
Yunwei Wang (Oct 18 2019 at 13:28):
A server MAY advertise its conformance with SMART Backend Services, by hosting a Well-Known Uniform Resource Identifiers (URIs) (RFC5785) endpoint as described at SMART App Launch Authorization Discovery Request. If advertising support, a JSON document SHALL be returned with the following REQUIRED/RECOMMENDED/OPTIONAL metadata fields: token_endpoint, scopes_supported, token_endpoint_auth_methods_supported (with values that include private_key_jwt), and token_endpoint_auth_signing_alg_values_supported (with values that include at least one of RS384, ES384) attributes for backend services.
Yunwei Wang (Nov 01 2019 at 14:44):
@Josh Mandel Also, this IG does NOT mention whether a server could use conformance to advertise endpoints. So far, most, if not all, bulk data servers use the conformance statement to indicate token_endpoints. Should this be included in the IG?
Last updated: Apr 12 2022 at 19:14 UTC