Modify fhir-smart behavior for "user/" scope requests #3495
Assignees
Labels
enhancement
New feature or request
Comments
lmsurpre
added a commit
that referenced
this issue
Mar 23, 2022
Specifically, avoid adding the implicit compartment parameter(s) when
the interaction is covered by one or more tokens with the 'user/' or
'system/' prefix ("context type")
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 23, 2022
Also addressed review comments by adding class-level javadoc Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 24, 2022
Also addressed review comments by adding class-level javadoc Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 24, 2022
Also addressed review comments by adding class-level javadoc Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 31, 2022
issue #3495 - more selectively scope searches to patient compartment
|
Verified that this is working as outlined in the Acceptance criteria above. Closing issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
In the current implementation, we require the access token to have a
patient_idclaim for basically any search for resource types that can exist in the patient compartment.However, for access tokens with
user/orsystem/scopes, that feels a bit inconsistent with ourisAllowedimplementation which basically allows access to any resources when the access token contains a scope with a valid permission for the current interaction (e.g.user/Patient.readfor searching patient resources).This leads to confusing behavior like what is reported at https://chat.fhir.org/#narrow/stream/212434-ibm/topic/Custom.20Sort.20Parameters/near/275813474 where a search of the Basic endpoint with a scope like
user/Basic.readends in 0 results but a whole-system search with the same scope can retrieve these resources just fine.Describe the solution you'd like
patient_idclaim forpatient/scopes (and only when a correspondinguser/orsystem/scope doesn't cover the interaction).patient/scope is the only one that allows the interaction.Describe alternatives you've considered
more clearly document that the
patient_idclaim is required even foruser/scopes and ensure that these are enforced properly as part of whole-system search.Acceptance Criteria
GIVEN a server with multiple patient resources (a, b, c)
AND a valid access token with patient_id=a and scope=
launch/patient patient/*.readWHEN a search request would return a resource type that is in the the patient compartment
THEN only resources in the compartment of patient a are returned
GIVEN a server with multiple patient resources (a, b, c)
AND a valid access token with scopes that include
user/*.read(with or without a patient_id claim)WHEN a search request would return a resource type that is in the the patient compartment
THEN all resources that meet the search criteria are returned without regard to any patient_id claim/context
GIVEN a server with multiple patient resources (a, b, c)
AND a valid access token with scopes that include
system/*.read(with or without a patient_id claim)WHEN a search request would return a resource type that is in the the patient compartment
THEN all resources that meet the search criteria are returned without regard to any patient_id claim/context
Additional context
See https://chat.fhir.org/#narrow/stream/212434-ibm/topic/GET.20Patients and https://chat.fhir.org/#narrow/stream/212434-ibm/topic/fhir-smart/near/264451208 for related discussion.
The text was updated successfully, but these errors were encountered: