smart-on-fhir / client-py

Python SMART on FHIR client
http://docs.smarthealthit.org

Use a full UUID4 for the state param #93

Closed mnitchie closed 3 months ago

mnitchie commented 3 years ago

According to the HL7 SMART App Launch Implementation Guide:

> The app SHALL use an unpredictable value for the state parameter with at least 122 bits of entropy

The current state param used by this client is only 8 characters and, according to this entropy calculation, has only 41 bits of entropy.

The SMART App Launch Implementation Guide suggests using a "properly configured random uuid", which the uuid wiki indicates gives us the requisite 122 bits.

I'd like to have this in the 3.0 (STU3) version of the client, and also to merge it forward to master (R4).
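The entropy comparison and the state check discussed in the comment above, as an added example (not code from this PR or from client-py). `StateStore`, `entropy_bits` and `uuid4_random_bits` are hypothetical names, and the 36-symbol alphabet used to reproduce the 41-bit figure is an assumption, since the page does not say which alphabet the calculation used.

```python
import hmac
import math
import uuid

MIN_STATE_BITS = 122  # minimum from the SMART App Launch guide quoted above


def entropy_bits(length, alphabet_size):
    """Entropy in bits of `length` symbols drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def uuid4_random_bits():
    """A version-4 UUID is 128 bits; 4 version bits and 2 variant bits are fixed."""
    return 128 - 4 - 2


class StateStore:
    """Hypothetical per-session store: issues a state value, accepts it once."""

    def __init__(self):
        self._pending = set()

    def issue(self):
        # CPython's uuid4() takes its random bits from os.urandom.
        state = str(uuid.uuid4())
        self._pending.add(state)
        return state

    def redeem(self, returned):
        """True only if `returned` equals an outstanding state; single use."""
        if not isinstance(returned, str):
            return False
        for expected in list(self._pending):
            # Constant-time comparison of the value echoed back in the redirect.
            if hmac.compare_digest(expected.encode(), returned.encode()):
                self._pending.discard(expected)
                return True
        return False


if __name__ == "__main__":
    # Constructed inputs: 8 characters over an assumed 36-symbol alphabet.
    print("8-char state: %.1f bits" % entropy_bits(8, 36))
    print("uuid4 state:  %d bits" % uuid4_random_bits())
    store = StateStore()
    state = store.issue()
    print("first redeem:", store.redeem(state), "replay:", store.redeem(state))
```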

mikix commented 3 months ago

> I'd like to have this in the 3.0 (STU3) version of the client, and also to merge it forward to master (R4).

Is this desire still relevant? I switched this PR to aim at main, where development of 4.2.0 is happening.

mnitchie commented 3 months ago

> Is this desire still relevant?

@mikix Not at all. Thanks for reviewing and merging!