Closed ig-feedback closed 6 months ago
This is current. A machine to machine OAuth flow is currently not specified, this would need to be extended with the Client Credentials Grant [OAuth 2.1, Section 4.2]. This grant type is optimized for clients requesting access tokens using only its client credentials and is restricted to confidential clients (e.g., medical devices, back end applications).
see https://profiles.ihe.net/ITI/IUA/index.html#34411-authorization-grant-types
Telco 5.1. OE/MS: eHealth Suisse will develop a Factsheet how a possible solution could look like for a confidential client
related also to #45
The feature will be added. Close this, since we have a duplicate.
ch.fhir.ig.ch-epr-mhealth#1.1.0 /iti-pixm.html
Due to the actor grouping of PIXm with IUA, there's always a user authentication required for the PIXm transactions. For this reason e.g. ITI-104 / Patient Identity Feeed FHIR cannot be used by a background process in a primary system. Do I understand this correctly?
Marco Studer, Cistec AG