ehealthsuisse / ch-epr-fhir

Repository for the Swiss implementation guide for the FHIR-based profiles

Unclear point in IUA & CH:IUA specifications (JWT or SAML) #60

Closed vhn-ker closed 8 months ago

vhn-ker commented 1 year ago

In the IUA specifications, it is mentioned that: "Note 1: Authorization Server or Resource Server Actors shall support at least one of the following options: JWT Token, SAML". See: https://profiles.ihe.net/ITI/IUA/index.html#342-iua-actor-options

In the mHealth specifications, no other requirements are set in the Actor Options chapter. See http://fhir.ch/ig/ch-epr-mhealth/iti-iua.html#actor-options

There's a possibility that an Authorization Server only supports the JWT option and a Resource Server only supports the SAML token option. In this case, the Authorization Client will not be able to retrieve information from the Resource Server.

msmock commented 8 months ago

We use JWT token only, to avoid interoperability problems.