Automatic Suspension of Patient Facing applications


Cerner FHIR Developers

May 18, 2022, 15:40:15
to Cerner FHIR Developers
Developers of patient-facing applications,

As we announced on 4/29/22 [1], Cerner is enabling a series of TLS and DNS checks [2] on applications to provide trustworthy information to patients so they can make an informed decision about which parties they wish to share their health information with and to further secure the Cerner Ignite APIs by making it more difficult for bad actors to impersonate your applications.

These checks will be run as part of the patient-facing authorization workflow [3] when your application requests and/or refreshes access tokens. As part of the offline_access token refresh process [4], we will be checking to see if any of your application's TLS or DNS information has changed since the initial patient authorization. If the information has changed, your application's refresh token will be suspended and the user will have to re-approve the application in order to use it. For example, if your application's TLS certificate has expired since the previous refresh token was issued, your application's refresh token will be suspended.

When your application's refresh token is suspended, the following steps are recommended for the user experience and to allow use of the application again:

  1. Indicate that the application's access may have been suspended.
  2. Offer a "more information" link/button, hyperlinked to the value returned in the parameter "error_uri".
  3. Offer the ability for the user to re-request authorization for your client application.

This functionality is being "previewed" currently in Cerner’s SMART on FHIR sandbox [5] with an anticipated production date of June 1st. Dates are subject to change and will be followed up with an announcement when the features are released more broadly.
 
OTHER ACTION ITEMS:
  • Review the documentation [2].
  • Test your patient-facing applications to review the user experience by manually walking through the patient authorization flow.
  • Make updates as needed to allow Cerner to provide the best description of your application to end users.

Should you need assistance please reach out through the Cerner FHIR Developers Group.


[1] https://groups.google.com/g/cerner-fhir-developers/c/oT5Co4SeyJk/m/b3gkwTJGBAAJ
[2] https://fhir.cerner.com/authorization/application-registration-prerequisites.md
[3] https://fhir.cerner.com/authorization/
[4] http://fhir.cerner.com/authorization/#utilizing-refresh-tokens
[5] https://fhir.cerner.com/millennium/r4/#secure-sandbox
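The refresh-suspension handling described in the announcement (steps 1 to 3), as an added client-side example in JavaScript. This is not Cerner's code and not from the Cerner documentation; it assumes the token endpoint answers a failed refresh with an RFC 6749 section 5.2 error object (`error`, optional `error_description`, optional `error_uri`). The token URL, client id, error code and `error_uri` values below are constructed placeholders. One defensive choice beyond the post: `error_uri` is only rendered as a link when it parses as an `https:` URL, so a malformed or `javascript:` value can never become a clickable href.

```javascript
// Added example (not Cerner's code): a patient-facing SMART on FHIR client
// refreshing an access token and reacting to a suspended refresh token.
// Assumptions: RFC 6749 token endpoint; error responses carry an `error_uri`
// pointing at a "more information" page. All literal values are constructed.

// Build the refresh_token grant request (RFC 6749 section 6). Returned as a
// plain object so it can be inspected offline or handed to fetch().
function buildRefreshRequest(tokenUrl, clientId, refreshToken) {
  const form = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken,
    client_id: clientId,            // public client: no client secret is sent
  });
  return {
    url: tokenUrl,
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Accept: "application/json",
    },
    body: form.toString(),
  };
}

// Accept only absolute https URLs for the "more information" link, so that
// whatever arrives in error_uri cannot be turned into a javascript: or
// relative href inside the app's own origin.
function isHttpsUrl(value) {
  if (typeof value !== "string") return false;
  try {
    return new URL(value).protocol === "https:";
  } catch {
    return false;
  }
}

// Turn the token endpoint's reply into a UI decision that follows the three
// recommended steps: tell the user access may be suspended, link to error_uri,
// and offer to re-run the authorization flow.
function handleRefreshResponse(status, body) {
  if (status === 200 && body && typeof body.access_token === "string") {
    return {
      action: "continue",
      accessToken: body.access_token,
      // The server may rotate the refresh token; if it does not, keep the old one.
      refreshToken: typeof body.refresh_token === "string" ? body.refresh_token : null,
    };
  }
  const errorBody = body || {};
  return {
    action: "reauthorize",
    // Step 1: indicate that access may have been suspended.
    message: "This app's access to your health record may have been suspended.",
    // Step 2: "more information" link hyperlinked to error_uri (https only).
    moreInfoUrl: isHttpsUrl(errorBody.error_uri) ? errorBody.error_uri : null,
    // Step 3: let the user start a fresh authorization request.
    offerReauthorize: true,
    errorCode: typeof errorBody.error === "string" ? errorBody.error : "unknown_error",
    errorDescription: typeof errorBody.error_description === "string"
      ? errorBody.error_description
      : null,
  };
}

// Constructed sample of a suspension reply (status 400). The error code and
// URI are placeholders, not values published by Cerner.
const SAMPLE_SUSPENDED_REPLY = {
  status: 400,
  body: {
    error: "invalid_grant",
    error_description: "Refresh token suspended; re-authorization required.",
    error_uri: "https://example.invalid/app-suspension-details",
  },
};

// Stand-alone run: show the request that would be sent and the UI decision
// for the constructed suspension reply.
const req = buildRefreshRequest(
  "https://example.invalid/token",      // placeholder token endpoint
  "example-client-id",                  // placeholder client id
  "example-refresh-token",              // placeholder refresh token
);
console.log(req.method, req.url, req.body);
console.log(handleRefreshResponse(SAMPLE_SUSPENDED_REPLY.status, SAMPLE_SUSPENDED_REPLY.body));
```

In a real app `buildRefreshRequest` feeds `fetch(req.url, req)` and the parsed JSON plus status go to `handleRefreshResponse`; the `reauthorize` branch should clear the stored refresh token before sending the user back to the authorization endpoint, since the old token will not recover on its own.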