require patient alongside access token

cds-hooks / docs

CDS Hooks website & specification

http://cds-hooks.org

Apache License 2.0

166 stars 61 forks source link

require patient alongside access token #601

Closed isaacvetter closed 2 years ago

isaacvetter commented 2 years ago

if scopes are "patient". Fixes https://jira.hl7.org/browse/FHIR-28761

Breaking change

isaacvetter commented 2 years ago

Is this a breaking change? Probably not to a service, but a client could now be out of compliance with the spec (e.g. they were previously granting patient/Patient.read, but not providing the patient parameter alongside the access_token).