state parameters


Vitalii Kikh

May 21, 2021, 9:00:44 AM
to Cerner FHIR Developers
Hi all,
Where can I find the state parameters for the authorization request?
Thanks

Fenil Desani (Cerner)

May 21, 2021, 11:17:16 AM
to Cerner FHIR Developers
Hello,

State parameter needs to be defined by the Application.

When performing an authorization grant request, it is highly recommended that your client application establish a transient, one-time-use “state” value for each individual request you send. If your application receives an authorization response that does not include a value known to the current user’s device, it should reject the response. This mechanism is to protect your application against “cross-site request forgery” classes of exploits. For more information on these types of exploits, consult the RFC OAuth 2.0 Threat Model and Security Considerations.


Thanks,
Fenil (Cerner)
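
An added example, not part of the original posts and not Cerner's code: one way an application can issue a one-time `state` value and reject authorization responses that do not carry it. The function names, the dict-like `session`, the `https://auth.example.org` endpoint and the five-minute lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

STATE_TTL_SECONDS = 300  # assumed lifetime of a pending authorization request


class StateError(Exception):
    """Raised when an authorization response must be rejected."""


def begin_authorization(session, authorize_endpoint, client_id, redirect_uri, scope):
    """Create a fresh state, bind it to the user's session, return the request URL."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = (state, time.time() + STATE_TTL_SECONDS)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{authorize_endpoint}?{query}"


def handle_callback(session, callback_url):
    """Return the authorization code only if state matches this session's request."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    # pop() makes the value one-time-use: a replayed response finds nothing pending.
    expected, expires_at = session.pop("oauth_state", (None, 0.0))
    if expected is None:
        raise StateError("no authorization request pending for this session")
    if time.time() > expires_at:
        raise StateError("state expired")
    # Constant-time comparison; an absent state compares as "" and fails.
    if not hmac.compare_digest(returned.encode(), expected.encode()):
        raise StateError("state missing or not issued to this session")
    if "code" not in params:
        raise StateError("no authorization code in response")
    return params["code"][0]
```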

Vitalii Kikh

May 21, 2021, 2:50:56 PM
to Cerner FHIR Developers

"State parameter needs to be defined by the Application."   


Do you mean SmartApplication on https://code.cerner.com/?

On Friday, May 21, 2021 at 18:17:16 UTC+3, Fenil Desani (Cerner) wrote:

Fenil Desani (Cerner)

May 24, 2021, 12:28:18 PM
to Cerner FHIR Developers
Yes, that's correct! Your Application needs to send the state param while making the Auth requests!