[Openid-specs-ab] issue with smart app and POST
Tom Jones
thomasclinganjones at gmail.com
Tue Jan 23 20:16:32 UTC 2024
I don't see any mins from Monday's meeting.
I agreed to look into requiring POST in the FHIR smart app.
*I need to know the issue that raises the point*
I need to know when and why the decision to deprecate POST was made.
Here is the doc with the issue.
https://hl7.org/fhir/smart-app-launch/app-launch.html
Here is the issue - I will post a message to the Smart App when I know more.
The following requirements are adopted from OpenID Connect Core 1.0
Specification section 3.1.2.1
<https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>:
- Authorization Servers SHALL support the use of the HTTP GET *and POST*
methods at the Authorization Endpoint.
- Clients SHALL use either the HTTP GET or the HTTP POST method to send
the Authorization Request to the Authorization Server. If using the HTTP
GET method, the request parameters are serialized using URI Query String
Serialization. If using the HTTP POST method, the request parameters are
serialized using Form Serialization and the
application/x-www-form-urlencoded content type.
..tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240123/8189c0da/attachment.html>
More information about the Openid-specs-ab
mailing list