
iris-oauth-fhir

This application is not supported by InterSystems Corporation. Please be notified that you use it at your own risk.
Fhir Oauth Sample

What's new in this version

Initial Release

iris-oauth-fhir


This is a sample application that demonstrates how to use the InterSystems IRIS for Health FHIR Repository to build a FHIR Repository with OAuth2 authorization. The FHIR endpoint is the resource server, and Google OpenID is the authorization server.

Prerequisites

Installation

Setup Google Cloud Platform

This part is inspired by the article Adding Google Social Login into InterSystems Management Portal by yurimarx Marx in the InterSystems Community.

  1. Create a new project in Google Cloud Platform.

  2. On the header, click Select a project.

  3. Click the NEW PROJECT button.

  4. Create a sample project for this article called InterSystemsIRIS and click the CREATE button.

  5. Go to the header again and select the created project's InterSystemsIRIS hyperlink in the table.

  6. Now the selected project is the working one.

  7. In the header, look for credentials in the Search field and choose API credentials (the third option in the screenshot).

  8. At the top of the screen, click the + CREATE CREDENTIALS button and select the OAuth 2.0 Client ID option.

  9. Now click CONFIGURE CONSENT SCREEN.

  10. Choose External (any person who has Gmail is able to use it) and click the CREATE button.

  11. In Edit app registration, complete the field values as follows:
    App Information (use your email for user support email):

  12. For Authorized domains, it is not necessary to set anything because this sample will use localhost. Set the developer contact information with your email and click the SAVE AND CONTINUE button.

  13. Click ADD OR REMOVE SCOPES and select the following scopes, scroll the dialog, and click the UPDATE button:

  14. Add your email to the Test users list (using the +ADD USERS button) and click the SAVE AND CONTINUE button.

  15. The wizard shows you the Summary of the filled fields. Scroll the screen and click the BACK TO DASHBOARD button.

  16. Now, it is time to configure the credentials for this new project. Select the option Credentials.

  17. Click the + CREATE CREDENTIALS button and select the OAuth client ID option.

  18. Select the Web application option and complete the field values as follows:

We will be using Postman for the demo, but if you want to use the sample application, you will need to add the following redirect URIs; the same goes for the JavaScript origins.

  19. Click the CREATE button and copy the Client ID and Client Secret values.

You are done with the Google Cloud Platform configuration.

Setup the sample application

  1. Clone this repository:
    git clone https://github.com/grongierisc/iris-oauth-fhir
  2. Build the docker image:
    docker-compose build
  3. Set the Client ID and Client Secret from the previous part (Setup Google Cloud Platform) in a new file called secret.json in the misc/auth folder. You can use secret.json.template as a template.
{
    "web": {
        "client_id": "xxxx",
        "project_id": "intersystems-iris-fhir",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v3/certs",
        "client_secret": "xxxx"
    },
    "other" : {
        "issuer" : "accounts.google.com"
    }
}

⚠️ Warning: auth_provider_x509_cert_url defaults to https://www.googleapis.com/oauth2/v1/certs, but that URL is deprecated; use https://www.googleapis.com/oauth2/v3/certs instead.

  4. Run the docker image:
    docker-compose up -d

⚠️ Warning: if the secret.json file is not present, the docker image will start in unauthenticated mode.
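Because a missing secret.json makes the container start unauthenticated, it is worth checking the file before running docker-compose up. The following pre-flight check is an added example, not part of the iris-oauth-fhir project; the script name check_secret.py and the rule that "xxxx" counts as an unfilled placeholder are assumptions taken from the sample file above.

```python
import json
import sys
from pathlib import Path

# URL the page's warning names as deprecated.
DEPRECATED_CERT_URL = "https://www.googleapis.com/oauth2/v1/certs"
PLACEHOLDER = "xxxx"  # placeholder value used in the page's secret.json sample
URL_KEYS = ("auth_uri", "token_uri", "auth_provider_x509_cert_url")


def check_secret(path):
    """Return a list of problems found in secret.json; empty list means OK."""
    p = Path(path)
    if not p.is_file():
        return [f"{p} is missing: the container would start unauthenticated"]
    try:
        doc = json.loads(p.read_text(encoding="utf-8"))
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        return [f"{p} is not valid JSON: {exc}"]
    if not isinstance(doc, dict) or not isinstance(doc.get("web"), dict):
        return [f"{p} has no 'web' object"]
    web = doc["web"]
    other = doc.get("other") if isinstance(doc.get("other"), dict) else {}
    problems = []
    for key in ("client_id", "client_secret"):
        if web.get(key) in (None, "", PLACEHOLDER):
            problems.append(f"web.{key} is empty or still the template placeholder")
    for key in URL_KEYS:
        if not str(web.get(key, "")).startswith("https://"):
            problems.append(f"web.{key} must be an https:// URL")
    if web.get("auth_provider_x509_cert_url") == DEPRECATED_CERT_URL:
        problems.append("web.auth_provider_x509_cert_url is the deprecated v1 URL; use v3")
    if not other.get("issuer"):
        problems.append("other.issuer is not set")
    return problems


if __name__ == "__main__":
    found = check_secret(sys.argv[1] if len(sys.argv) > 1 else "misc/auth/secret.json")
    for line in found:
        print("FAIL:", line)
    sys.exit(1 if found else 0)
```

Run it as `python check_secret.py misc/auth/secret.json && docker-compose up -d` so the stack only starts when the check passes.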

Test it with Postman

The endpoint is https://localhost:4443/fhir/r4/.

  1. Configure Postman to use the self-signed certificate; see the Postman documentation.

  2. Create a new request in Postman and go to the Authorization tab. Select OAuth 2.0 as the type.

  3. On the Configure New Token dialog, set the following values:

The Access Token URL is: https://accounts.google.com/o/oauth2/token
Scopes is: openid
Client Id and Client Secret are the ones you got from the Google Cloud Platform.

  4. Click the Request Token button and you will be redirected to the Google login page.

  5. Make use of the token to get the patient list.

  6. In Token type, select ID Token or Access Token and click the Use Token button.

  7. You will get the patient list.
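When a request made with the token from the steps above is rejected, comparing the token's claims with secret.json usually explains why. The following diagnostic is an added example, not part of the project: it decodes a JWT's claims without verifying the signature and compares iss, aud and exp with the issuer and client_id values. Which claims the IRIS resource server itself checks is not stated on this page and is assumed here; make_sample_token is a hypothetical helper that builds a constructed token for offline use.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT; an opaque token cannot be inspected this way")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_problems(token, secret, now=None):
    """Compare iss, aud and exp with a parsed secret.json; return mismatches."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    issuer = secret["other"]["issuer"]
    client_id = secret["web"]["client_id"]
    problems = []
    # Google ID tokens carry iss with or without the https:// prefix.
    if claims.get("iss") not in (issuer, "https://" + issuer):
        problems.append(f"iss {claims.get('iss')!r} does not match issuer {issuer!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append(f"aud {aud!r} does not contain the configured client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def make_sample_token(claims):
    """Build a constructed sample token with a dummy signature (not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed values; in practice load misc/auth/secret.json and paste the token.
    secret = {"web": {"client_id": "constructed-id"},
              "other": {"issuer": "accounts.google.com"}}
    token = make_sample_token({"iss": "https://accounts.google.com",
                               "aud": "some-other-client", "exp": time.time() + 60})
    print(claim_problems(token, secret))
```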

What a journey, hope you enjoyed it.

More to come, stay tuned. We will be dealing with Kubernetes and the FHIR repository in the next part.

Version
1.0.0 (21 Jul, 2023)
Category
Technology Example
Works with
InterSystems IRIS for Health
First published
21 Jul, 2023