When should a CDS client include fhirServer and fhirAuthorization?

Mike Bylund

Jul 24, 2019, 12:59:16 PM
to CDS Hooks
I don't see anything in the spec that gives a definitive answer to this question, so I'd be interested to hear what people think.

One way to interpret the spec is that providing fhirServer and fhirAuthorization is an alternative to the client providing the prefetch data. In this case the client would see that the service is asking for prefetch data, then instead of providing it directly it would provide the fhirServer from which the service should fetch the resources, along with fhirAuthorization details that can only access the resources indicated in the service's prefetch description.

However, the above interpretation doesn't seem exactly correct since it's also noted:

Some CDS Clients MAY pass prefetched data, along with a bearer token for the CDS Service to use if additional resources are required. Each CDS Client SHOULD decide which approach, or combination, is preferred, based on performance considerations and assessment of attendant security and safety risks.

I suppose what I'm asking is if there is a clean way to know "...if additional resources are required". Something like a "postfetch" attribute at the discovery endpoint with a similar format to "prefetch" but specifying the queries the service would make itself, or more likely containing the scopes it would like to be granted against the fhirServer.

{
  ...
  "postfetch": {
    "scope": "patient/Patient.read patient/Observation.read"
  }
  ...
}


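The first interpretation in the post above, sketched from the CDS client's side as an added example (not part of the original post and not code from the CDS Hooks project): derive the narrowest scope a service's prefetch templates imply, and flag any scope in the token that goes beyond it. The function names, the sample discovery entry and the mapping of each resource type to a `patient/<Type>.read` scope are assumptions made for illustration.

```python
import re

# Leading resource type of a prefetch template, e.g. "Observation" in
# "Observation?patient={{context.patientId}}" or "Patient" in "Patient/{{...}}".
_RESOURCE_TYPE = re.compile(r"^([A-Z][A-Za-z]+)(?=[/?]|$)")


def scopes_for_prefetch(prefetch):
    """Return (scopes, unresolved) for a service's prefetch templates.

    scopes: the patient-level read scopes the templates imply (assumed mapping).
    unresolved: prefetch keys whose resource type is not statically visible,
    for example a template that begins with a {{token}}.
    """
    scopes, unresolved = set(), []
    for key, template in prefetch.items():
        match = _RESOURCE_TYPE.match(template.strip())
        if match:
            scopes.add(f"patient/{match.group(1)}.read")
        else:
            unresolved.append(key)
    return scopes, sorted(unresolved)


def excess_scopes(granted_scope, prefetch):
    """Scopes in a fhirAuthorization.scope string that go beyond the prefetch."""
    allowed, _ = scopes_for_prefetch(prefetch)
    return sorted(s for s in granted_scope.split() if s not in allowed)


# Constructed discovery entry and token scope, for illustration only.
SAMPLE_PREFETCH = {
    "patient": "Patient/{{context.patientId}}",
    "a1c": "Observation?patient={{context.patientId}}&code=4548-4&_count=1",
    "user": "{{context.userId}}",
}
SAMPLE_GRANTED = "patient/Patient.read patient/Observation.read patient/*.read"

if __name__ == "__main__":
    scopes, unresolved = scopes_for_prefetch(SAMPLE_PREFETCH)
    print("implied scope:", " ".join(sorted(scopes)))
    print("needs manual review:", unresolved)
    print("broader than prefetch:", excess_scopes(SAMPLE_GRANTED, SAMPLE_PREFETCH))
```

A prefetch key that lands in the unresolved list needs a manual decision, since its resource type is only known once the client substitutes the token.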