client id in launch.html

20 views

authorizationsmart

Skip to first unread message

akshaya arumugam

unread,

Aug 22, 2018, 6:12:27 AM8/22/18

to Cerner FHIR Developers

Is it safe to provide client id and secret in launch.html.What if somebody hacks the client id and secret?

or How to make it safe from hackers?

Thanks,

Akshaya

Jenni Syed (Cerner)

unread,

Aug 22, 2018, 9:10:26 AM8/22/18

to Cerner FHIR Developers

Akshaya,

If your application does not have a server side component and cannot protect its secret, it cannot use confidential profiles on OAuth 2. It must stick to the public profile access only (no secret).

You can read more about this in the SMART specification: http://docs.smarthealthit.org/authorization/#support-for-public-and-confidential-apps

As well as in OAuth 2: https://tools.ietf.org/html/rfc6749#section-2.1

~ Jenni

Reply all

Reply to author

Forward

0 new messages