Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect oauth2 even if there's no authorize_uri #135

Merged
merged 1 commit into from
Jul 16, 2024
Merged

Detect oauth2 even if there's no authorize_uri #135

merged 1 commit into from
Jul 16, 2024

Conversation

mikix
Copy link
Contributor

@mikix mikix commented Nov 11, 2022

As long as we have a JWT and there's a token_uri, we can talk oauth2.

I ran into this while testing the bulk export flow against https://bulk-data.smarthealthit.org which does not expose an authorize_uri, but does expose token_uri and can talk oauth2 with JWTs just fine.

I am not confident that this is the best solution, but it is a solution. Should the code be even dumber and just use oauth2 if the http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris security extension is present at all? Given that there is no other auth system to fall back to, it seems reasonable to err on the side of oauth2. Happy to tweak this as folks like, or leave it as is.

@mikix
Detect oauth2 even if there's no authorize_uri
911b285 
As long as we have a JWT and there's a token_uri, we can talk oauth2.
@mikix mikix merged commit c1a42df into smart-on-fhir:main Jul 16, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dogversioning dogversioning dogversioning approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikix @dogversioning