Hello,
I have a security-related question.
We want to safeguard against the case where a bad actor might try sending us a fake Cerner endpoint url -- complete with conformance metadata that redirects to a fake authorizeUri. If we are supplied with a provider endpoint to integrate with, is there a way to tell from the conformance metadata whether it was issued from Cerner's servers rather than some illegitimate source? In other words, in what way can we distinguish/recognize a valid Cerner endpoint url before the app launch gets to the point of redirecting to the authorizeUri?
Thanks,
Francesca Ricci-Tam