Is your feature request related to a problem? Please describe.
I'd like to see the possibility of issuing access tokens like this
{
"access_token": "i8hweunweunweofiwweoijewiwe",
"token_type": "bearer",
"expires_in": 3600,
"scope": "patient/Observation.read patient/Patient.read",
"intent": "client-ui-name",
"patient": "123",
"encounter": "456"
}that are understood by the Spark server so that only patient/Observation.read and patient/Patient.read operations for the patient resource "123" are accessible to the authorized client.
Describe the solution you'd like
Support for/integration with the Smart on FHIR framework, or at a minimum OAuth2 support.
Describe alternatives you've considered
Other authorization means could be of interest.
Additional context
Resources:
http://www.hl7.org/fhir/smart-app-launch/
https://hl7.org/fhir/uv/bulkdata/authorization/index.html
Is your feature request related to a problem? Please describe.
I'd like to see the possibility of issuing access tokens like this
{ "access_token": "i8hweunweunweofiwweoijewiwe", "token_type": "bearer", "expires_in": 3600, "scope": "patient/Observation.read patient/Patient.read", "intent": "client-ui-name", "patient": "123", "encounter": "456" }that are understood by the Spark server so that only
patient/Observation.readandpatient/Patient.readoperations for the patient resource "123" are accessible to the authorized client.Describe the solution you'd like
Support for/integration with the Smart on FHIR framework, or at a minimum OAuth2 support.
Describe alternatives you've considered
Other authorization means could be of interest.
Additional context
Resources:
http://www.hl7.org/fhir/smart-app-launch/
https://hl7.org/fhir/uv/bulkdata/authorization/index.html