Open
Description
Our current sample access-checkers, i.e., `patient` and `list`, are intended for app-facing scenarios. Another common scenario is when a backend service needs to interact with the FHIR server (e.g., pipelines in fhir-data-pipes). We are going to adopt the SMART Backend Services spec as the standard way for such scenarios and implement a sample `AccessChecker` based on that.
Activity
bashir2 commented on Nov 18, 2023

A large part of supporting SMART Backend spec lies inside the IDP/Authorization server, e.g., Keycloak. To close this issue, we need to do the following:

- `SmartBackendAccessChecker` similar to PatientAccessChecker to check SMART scopes when granting access. This should require a fairly small amount of code and should heavily rely on SmartScopeChecker (which may require some refactoring).
- `SmartBackendAccessChecker`.
- `AccessChecker` should be used where it can delegate access-control to other `AccessChecker`s (including `SmartBackendAccessChecker`) based on the access-token claims.

bashir2 commented on Nov 18, 2023
Once this feature is implemented we should also update fhir-data-pipes and add support for the `client-confidential-asymmetric` flow, but we will track that in that repo. Note the `client-confidential-symmetric` flow was implemented in this PR.
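As an added illustration of the design sketched in the first comment (a `SmartBackendAccessChecker` that grants access only on `system/` scopes, plus a delegating checker that picks a concrete checker from the access-token claims), here is a standalone Python sketch. It is not fhir-gateway code; the claim shape (`scope` as a space-separated string), the request shape (HTTP method, resource type, search flag) and the `DenyAllAccessChecker` fallback are assumptions made for the example, and granular SMART v2 scopes with query parameters are not handled.

```python
import re

# Restricted SMART v2 scope grammar for the "system/" context that SMART Backend Services
# uses (the "patient/" and "user/" contexts are app-facing and intentionally not matched).
# The permission part accepts v2 letters (c,r,u,d,s) and the v1 forms read/write/*.
SYSTEM_SCOPE = re.compile(
    r"^system/(?P<res>\*|[A-Z][A-Za-z]*)\.(?P<perm>[cruds]+|\*|read|write)$"
)


def permissions_of(perm):
    """Expand a scope permission string into the set of v2 permission letters."""
    if perm == "read":
        return {"r", "s"}
    if perm == "write":
        return {"c", "u", "d"}
    if perm == "*":
        return set("cruds")
    return set(perm)


def required_permission(method, is_search):
    """Map an HTTP request shape onto the single v2 permission letter it needs."""
    table = {"POST": "c", "PUT": "u", "PATCH": "u", "DELETE": "d"}
    if method == "GET":
        return "s" if is_search else "r"
    return table[method]  # unknown methods raise KeyError, i.e. are never granted


class SmartBackendAccessChecker:
    """Grants access only on the strength of system/ scopes in the token's scope claim."""

    def __init__(self, claims):
        self.allowed = {}  # resource type (or "*") -> set of permission letters
        for scope in claims.get("scope", "").split():
            m = SYSTEM_SCOPE.match(scope)
            if m:  # non-system scopes are ignored here, so they never grant anything
                self.allowed.setdefault(m["res"], set()).update(permissions_of(m["perm"]))

    def check_access(self, method, resource_type, is_search=False):
        granted = self.allowed.get(resource_type, set()) | self.allowed.get("*", set())
        return required_permission(method, is_search) in granted


class DenyAllAccessChecker:
    """Assumed fallback: explicit default deny when no checker claims the token."""

    def check_access(self, method, resource_type, is_search=False):
        return False


def choose_access_checker(claims):
    """Delegating checker: pick a concrete checker from the access-token claims."""
    if any(SYSTEM_SCOPE.match(s) for s in claims.get("scope", "").split()):
        return SmartBackendAccessChecker(claims)
    # In the gateway this is where the app-facing checkers (patient/list) would be
    # consulted; this sketch falls through to an explicit default deny instead.
    return DenyAllAccessChecker()
```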