Closed vhn-ker closed 8 months ago
In the IUA specifications, it is mentionned that : Note 1: Authorization Server or Resource Server Actors shall support at least one of the following options: JWT Token, SAML See : https://profiles.ihe.net/ITI/IUA/index.html#342-iua-actor-options
In the mHealth specifications, no other requirements are set in the Actor Options chapter. See http://fhir.ch/ig/ch-epr-mhealth/iti-iua.html#actor-options
There's a possibility that an Authorization Server only supports the JWT option and a Ressource Server only supports the SAML token option. In this case, the Authorization Client will not be able to retrieve information from the Ressource Server.
We use JWT token only, to avoid interoperability problems.
In the IUA specifications, it is mentionned that : Note 1: Authorization Server or Resource Server Actors shall support at least one of the following options: JWT Token, SAML See : https://profiles.ihe.net/ITI/IUA/index.html#342-iua-actor-options
In the mHealth specifications, no other requirements are set in the Actor Options chapter. See http://fhir.ch/ig/ch-epr-mhealth/iti-iua.html#actor-options
There's a possibility that an Authorization Server only supports the JWT option and a Ressource Server only supports the SAML token option. In this case, the Authorization Client will not be able to retrieve information from the Ressource Server.