1.) The FHIR Query Initiator discovers the endpoints associated with each Responding Actor it wants to transact with using FHIR
2.) the FHIR Query Initiator registers a client with the Responding Actor’s Authorization Server
3.) The FHIR Query Initiator requests an access token following the Oauth 2.0 Authorization Code
Grant flow (per Section 5.2.4 of the TEFCA FHIR IG) or Client Credentials flow (per Section 5.2.5 of TEFCA FHIR IG) Business-to-business (B2B) applications can use either the Authorization Code Grant flow or Client Credentials flow. Consumer-facing applications must use the Authorization Code Grant flow
4.) Post Conditions: The FHIR Query Initiator has obtained requested FHIR resources from the Responding Actor
Actors:
TEFCA DEV Directory
FHIR Server with Server Metadata to be added
Directory read/write access for participants
Auth server with UDAP JWT-based client authentication + trust policy logic (validating requestor's certificate etc.) for writes and sensitive data access
Organization A - UDAP FHIR Client (Requestor)
Client capable of UDAP Tiered OAuth, UDAP Dynamic Client Registration, UDAP JWT-based Authentication + trust policy logic to validate responder's Server Metadata
Requests FHIR data
Certificate
Organization B - UDAP FHIR Server (Responder)
UDAP Server Metadata
Implements Server side of UDAP Dynamic Client Registration and UDAP JWT-Based Authentication including trust policy logic and matching capability
