Merge pull request #154 from FirelyTeam/improve-language-around-patie…

…nt-data-access-token Improve language around patient data access token
FirelyTeam · Apr 15, 2021 · 573eea1 · 573eea1
2 parents 2c05976 + 793e8a3
commit 573eea1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/firelyserver/security/accesscontrol.rst b/firelyserver/security/accesscontrol.rst
@@ -201,7 +201,7 @@ A valid access token for Firely Server at minimum will have:
 * the ``iss`` claim with the base url of the OAuth server
 * the ``aud`` the same value you've entered in ``SmartAuthorizationOptions.Audience``
 * the ``scope`` field with the scopes granted by this access token
-* optionally, the compartment claim, if you'd like to limit this token to a certain compartment. For example in case of Patient data access where the ``patient`` launch scope is used, include the ``patient`` claim with the patient's id or identifier - see :ref:`feature_accesscontrol_compartment`
+* optionally, the compartment claim, if you'd like to limit this token to a certain compartment. Such a claim may be requested by using a context scope or launching a part of an EHR launch. See `Requesting context with scopes <http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/#requesting-context-with-scopes>`_ for more details. For example, in case of Patient data access where the ``launch/patient`` scope is used, include the ``patient`` claim with the patient's id or identifier (:ref:`feature_accesscontrol_compartment`) and make sure to request the ``patient/<permissions>`` scope permissions. Compartment claims combined with ``user/<permissions>`` claims are not taken into acccount.
 
 .. _feature_accesscontrol_decisions: