Stream: FHIR at Scale (FAST): Exchange with/without intermediaries
Topic: What auth is in scope?
Cooper Thompson (May 14 2021 at 20:00):
What types of auth are we including in intermediary support?
Cooper Thompson (May 14 2021 at 20:00):
For patient-mediated exchange, are we expecting to use an authorization_code flow access token? If so, do we need to think about allowed audiences in the SMART spec, so that the requestor knows that the intermediary is an allowed audience for a token that is likely to have been issued by the resource holder's auth servers?
Cooper Thompson (May 14 2021 at 20:01):
If we're looking at client_credentials flow, then would we need the intermediary to proxy the OAuth2 token endpoints of the resource holder's auth server?
Last updated: Apr 12 2022 at 19:14 UTC