1. FHIR User's Guide
  2. Using the OAuth 2.0 protected API
  3. How It Works

How It Works

Figure 5-1 Access Token Process

Access Token Process
  1. Client application or user authenticates with the OAuth Server (at say, the /ms_oauth/oauth2/endpoints/tokens endpoint) using the client ID and secret. The client ID and secret would have been obtained at the time of registering the OAuth client with OAuth Server.
  2. OAuth Server validates the client ID and secret.
  3. OAuth Server responds with an Access Token.
  4. Client application or user uses the Access Token to call an HDR FHIR API.
  5. HDR FHIR server intercepts the request and validates the Access Token.
  6. HDR FHIR API responds with requested data.

Parent topic: Using the OAuth 2.0 protected API