The latest spec contains:
Consumer systems SHALL provide audit and provenance details in the HTTP authorization header as an OAuth bearer token (as outlined in RFC 6749) in the form of a JSON Web Token (JWT) as defined in RFC 7519.
Important: Whilst the use of a JWT and the claims naming is inspired by SMART on FHIR, the GP Connect programme hasn’t committed to using the SMART on FHIR specification.
Is this going to use OAuth2? If so what kind of grant types would be supported?
I’d hope this access method would span other projects such as the Record Locator Service and e-Referral Service APIs.
The reason I ask is this has implications for which technology stack we would use. Our current tech for integration has some difficulty supporting this (although our supplier would probably fix this), but we could go down another route and do this ourselves [currently working with a large trust and we have staff who can do this].