In previous versions you could already configure your FHIR Server to accept requests authorized via OAuth 2.0 (e.g. from a SMART on FHIR client), but since v2024.3, which was released a while ago, there is a new feature that makes this easier: the OAuth FHIR Client QuickStart.
This "QuickStart" is a wizard-like "helper" that lets you connect your FHIR server to an OAuth server and enable OAuth authentication and authorization for FHIR requests in 5 simple steps (really just 3...).
- Step 1 - Create or Choose FHIR Server
You might already have a FHIR Server (endpoint) defined, or you might not have one yet and want to define one now, as part of this QuickStart.
- Step 2 - Select FHIR Server
If you chose 'Use an Existing', you will be shown the available endpoints, per Namespace.
If you chose 'Create New', you'll be shown a small form for creating a new endpoint.
This is similar to what you would see if you created the endpoint beforehand yourself.
- Step 3 - Select OAuth Server Type
You can choose to use an external OAuth server (e.g. Auth0 by Okta), or the built-in OAuth server within InterSystems IRIS.
If you want to use IRIS as your OAuth server, you'll need to set IRIS up as an OAuth server that supports FHIR; there is a "shortcut" for that as well: a method you can call that sets this up for you.
Note: secure communication needs to be set up for this to work.
- Step 4 - Configure OAuth Server
If you chose to use an external OAuth server, you will be prompted for its Issuer Endpoint.
If you happen to have defined one already, you can choose it from the dropdown; if not, you can type (or paste) it in.
In either case you can test this OAuth server endpoint from the wizard before going further.
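As an added example (not code from this article or from InterSystems), here is a small Python check of the kind you would want to run against an issuer before confirming it: it fetches the issuer's OpenID Connect discovery document (`/.well-known/openid-configuration`) and verifies that the endpoints a FHIR server relies on are present, served over HTTPS, and that the document's `issuer` value matches the URL you entered, so that tokens minted by a different issuer are not accepted. The issuer URLs and discovery documents below are constructed samples; the wizard's own test may check different things.

```python
"""Sanity-check an OAuth 2.0 / OpenID Connect issuer's discovery document
before wiring it into a FHIR server. Added example; not InterSystems code."""
import json
from urllib.parse import urlparse
from urllib.request import urlopen

# Endpoints a resource server (the FHIR server) needs to validate bearer tokens
# and a SMART on FHIR client needs to obtain them.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """OIDC discovery lives at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(issuer: str, doc: dict) -> list:
    """Return a list of problems found; an empty list means the issuer looks usable."""
    problems = []
    if urlparse(issuer).scheme != "https":
        problems.append("issuer is not served over https")
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"missing {key}")
    # OIDC Discovery / RFC 8414: the advertised issuer must equal the issuer you
    # asked for; otherwise tokens issued for another issuer could be accepted.
    if doc.get("issuer", "").rstrip("/") != issuer.rstrip("/"):
        problems.append("issuer mismatch: %r vs %r" % (doc.get("issuer"), issuer))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if url and urlparse(url).scheme != "https":
            problems.append(f"{key} is not https")
    # The FHIR server validates tokens by signature; a JWKS only helps if an
    # asymmetric algorithm is advertised.
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if algs and all(a.startswith("HS") or a == "none" for a in algs):
        problems.append("only symmetric/none signing algorithms advertised")
    return problems


def fetch_and_check(issuer: str, timeout: float = 5.0) -> list:
    """Live variant: fetch the discovery document and check it (network required)."""
    with urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return check_discovery(issuer, json.load(resp))


# Constructed sample documents standing in for real issuers.
GOOD_DOC = {
    "issuer": "https://auth.example.test",
    "authorization_endpoint": "https://auth.example.test/authorize",
    "token_endpoint": "https://auth.example.test/oauth/token",
    "jwks_uri": "https://auth.example.test/.well-known/jwks.json",
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD_DOC = {
    "issuer": "https://other.example.test",            # does not match what we typed in
    "authorization_endpoint": "http://auth.example.test/authorize",  # plain http
    "token_endpoint": "https://auth.example.test/oauth/token",
    # jwks_uri missing: the FHIR server could not verify token signatures
}

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery("https://auth.example.test", doc) or "OK")
```

Run it as-is to see the two constructed documents evaluated; call `fetch_and_check("https://<your-issuer>")` to test a live issuer. The issuer-mismatch check is the one most often skipped in hand-rolled setups, and it is the one that matters most once more than one OAuth server is reachable from the same network.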
- Step 5 (or 4 if you chose the internal IRIS OAuth server) - Confirm
You'll see a short confirmation summary and a 'Confirm' button.
This is shown, for example, when choosing to create a new FHIR Server and use the IRIS internal OAuth server, or when choosing an existing FHIR endpoint and an external OAuth server.
If all goes well you'll see a message that this was created successfully; if not, you'll get an appropriate error message.
Behind the scenes you should be able to observe a few things:
- You'll see the client defined under the OAuth clients (with its details).
- You'll see the client defined in your FHIR Endpoint.
- In the general Security section of the Management Portal, under OAuth 2.0, you will also be able to find a Client Definition with a Client Configuration.
Assuming all the above is working, you can start using OAuth (and specifically SMART on FHIR) to communicate with your FHIR Server.
More on that... in a future Article...