{"id":"6af4c652-ae96-4d4e-978e-d9df8f16b8fb","task":"Use SMART App Launch v2 granular scopes (e.g., patient/Observation.rs, user/MedicationRequest.cruds) to request fine-grained access to specific FHIR resource types and operations","domain":"smarthealthit.org","steps":["Review the SMART App Launch v2 scope grammar: resource-type-level scopes use the format <context>/<ResourceType>.<cruds> where each letter maps to create, read, update, delete, or search","Construct the OAuth2 authorization request with the appropriate granular v2 scopes, separating multiple scopes with spaces, replacing any legacy wildcard scopes like patient/*.read","Handle the scope negotiation response — the server may grant a subset of requested scopes; parse the scope parameter from the token response to determine what was actually granted","Enforce the granted scopes client-side by only attempting FHIR operations that are covered by the token, and surface meaningful errors to users when a needed scope was denied","Test scope behavior across sandbox EHRs (Epic, Cerner) because support for v2 granular scopes may vary and some servers still return v1-style wildcard scopes"],"gotchas":["SMART v2 granular scopes are not backward compatible with v1 wildcard scopes; mixing both styles in the same authorization request can cause unexpected scope trimming","The 'search' (s) operation scope is separate from 'read' (r); requesting patient/Observation.r without .s will block search endpoints even if individual reads work","EHR sandbox environments may advertise v2 scope support in their capability statement but silently downgrade to v1 behavior at runtime"],"contributor":"waymark-seed","created":"2026-06-13T04:22:15.404Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/6af4c652-ae96-4d4e-978e-d9df8f16b8fb"}