Support for authorization using OAuth2 (Smart on FHIR) #383

@joarb

Is your feature request related to a problem? Please describe.
I'd like to see the possibility of issuing access tokens like this

{
  "access_token": "i8hweunweunweofiwweoijewiwe",
  "token_type": "bearer",
  "expires_in": 3600,
  "scope": "patient/Observation.read patient/Patient.read",
  "intent": "client-ui-name",
  "patient":  "123",
  "encounter": "456"
}

that are understood by the Spark server so that only patient/Observation.read and patient/Patient.read operations for the patient resource "123" are accessible to the authorized client.

Describe the solution you'd like
Support for/integration with the Smart on FHIR framework, or at a minimum OAuth2 support.

Describe alternatives you've considered
Other authorization means could be of interest.

Additional context
Resources:

http://www.hl7.org/fhir/smart-app-launch/
https://hl7.org/fhir/uv/bulkdata/authorization/index.html
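
The access rule the request describes, sketched as an added example (not part of the original issue and not Spark code). It assumes the server has already validated the token and holds the JSON above, and that it can resolve which patient a requested resource belongs to; `parse_scopes`, `is_allowed` and `resource_patient_id` are hypothetical names.

```python
import json
import re

# SMART App Launch v1 scope syntax: context/ResourceType.permission
SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Za-z]+|\*)\.(read|write|\*)$")

# Token response copied from the issue text.
TOKEN_RESPONSE = json.loads("""
{
  "access_token": "i8hweunweunweofiwweoijewiwe",
  "token_type": "bearer",
  "expires_in": 3600,
  "scope": "patient/Observation.read patient/Patient.read",
  "intent": "client-ui-name",
  "patient": "123",
  "encounter": "456"
}
""")


def parse_scopes(scope_string):
    """Return {(context, resource_type, permission)}; ignore anything malformed."""
    return {m.groups() for m in map(SCOPE_RE.match, scope_string.split()) if m}


def is_allowed(token, resource_type, action, resource_patient_id):
    """Deny by default; allow only when a patient/ scope covers the request.

    action is "read" or "write". resource_patient_id is the patient the
    requested resource belongs to (assumed to be resolved by the server,
    e.g. from Observation.subject or the Patient id itself).
    """
    if str(token.get("token_type", "")).lower() != "bearer":
        return False
    patient = token.get("patient")
    if patient is None:
        return False  # patient/ scopes are meaningless without launch context
    for context, rtype, perm in parse_scopes(token.get("scope", "")):
        if context != "patient":
            continue  # user/ and system/ need a policy the issue does not describe
        if rtype in (resource_type, "*") and perm in (action, "*"):
            if resource_patient_id == patient:
                return True
    return False
```
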
