How to register client as confidential app

44 views
Skip to first unread message

Daya

unread,
Oct 2, 2018, 1:50:23 PM10/2/18
to Cerner FHIR Developers
When registering my app https://code.cerner.com/developer/smart-on-fhir/apps are there any options for specifying 'confidential app' ? what about standalone app?

Regards,
Daya

Jenni Syed (Cerner)

unread,
Oct 2, 2018, 2:16:15 PM10/2/18
to Cerner FHIR Developers
Hi Daya,

I tried to answer this a bit over on your other question: https://groups.google.com/d/msg/cerner-fhir-developers/djdi2I90jxo/PHnGWMJwBAAJ

As mentioned there, we only support confidential clients if you require offline_access on behalf of a patient. 

Regards,
Jenni

Daya Sharma

unread,
Oct 2, 2018, 4:42:40 PM10/2/18
to cerner-fhir...@googlegroups.com
Hi Jenni,

Please help me understand
  1. how will the OAuth secret associated with our Client be secured if ours is a public app
  2. Our application will be used by nurses to care for multiple patients, is that same as accessing on behalf of patients?
Thanks,
Daya

--
You received this message because you are subscribed to a topic in the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cerner-fhir-developers/Pl4TavMTWEM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cerner-fhir-devel...@googlegroups.com.
To post to this group, send email to cerner-fhir...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/9fcd71cf-a41c-4dc8-af3c-b2f882061961%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenni Syed (Cerner)

unread,
Oct 2, 2018, 7:59:09 PM10/2/18
to Cerner FHIR Developers
Hi Daya,

1. By OAuth 2's definition, a public application cannot protect a secret. This means these types of apps cannot use the confidential client workflow.
2. That is access on behalf of a user, the user in this case is a practitioner (and your application would be registered as a practitioner application).

~ Jenni
Reply all
Reply to author
Forward
0 new messages