Bearer token in a HealthConnect Production world - Looking for best practise
a HealthConnect customer of ours came across with a question to use an external service via REST and OpenID within one of his HealthConnect (2020.1) productions. The overal idea is to send data to the external system after receiving a baerer token to use for the communication between HealthConnect and this system.
Since I´ve never done such thing before I have an idea to solve this task but looking for a best practise way to do so. Using the RESt-Api of the external system is not the question here. More interesting is the mechanismn to receive a new bearer token and use it in the communication with the external system. From my perspective HealthConnect acts as a client for the remote system. That´s why I thought it would be the correct way to configure a OAuth2 client for authentication and to receive the bearer token fropm there. From within the customers production I would create some kind of a REST Operation and use code to authenticate/receive the bearer token via OAuth2 and use the token in further communication with the external system. Would this be the way here for my scenario? I´ve had a look in the documentation but couldn´t find anything fitting for my problem.
Thats why my question is - are there any best practises to accomplish my scenario? Or is my approach to do so completly wrong? Any ideas are highly appreciated.