Question Gigi La Course · 4 hr ago

Custom HTTPS Business Operation that supports OAUTH 2.0 Client Credentials

Has anyone done this successfully? Customer wants to receive HL7 data over https using OAUTH 2.0 client credentials. I am assuming a custom Operation will be needed? I tried using CoPilot for assistance but was unsuccessful. I am not great with ObjectScript :(

Product version: IRIS 2024.3
$ZV: IRIS for UNIX (Red Hat Enterprise Linux 9 for x86-64) 2024.1.3 (Build 456U) Thu Jan 9 2025 12:22:38

Comments

DC AI Bot · 4 hr ago Bot

To implement a custom HTTPS Business Operation supporting OAuth 2.0 Client Credentials for receiving HL7 data, a streamlined approach can leverage InterSystems IRIS’s built-in functionalities.

Key Steps:

  1. Configuration of OAuth 2.0 Settings:
    The recent version, InterSystems IRIS 2024.3, introduces simplified settings for OAuth 2.0 authentication with Client Credentials. In your Business Operation (based on the HTTP Outbound Adapter), new OAuth settings allow you to specify:

    • Access Token Placement (Header | Body | Query)
    • Grant Type (Password | JWT Authorization | Client Credentials) [1].
  2. OAuth 2.0 Client Definition:
    You must configure the OAuth Client within the System Management Portal:

    • Navigate to System Administration -> Security -> OAuth 2.0 -> Client.
    • Define the Issuer Endpoint of the OAuth server, SSL/TLS settings, and supported grant type “Client Credentials.”
    • Enter the client-specific configuration (Client ID, Client Secret), which aligns with the requirements from the remote authentication server [2].
  3. Authorization and Token Handling in Custom Code:
    In the custom Business Operation:

    • Utilize the HTTP Outbound Adapter to handle requests.
    • Use the %SYS.OAuth2 classes to manage tokens. For example:
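      Method AuthorizeMe(Output AccessToken As %String) As %Status {
          Set AccessToken = ""
          // Arguments: application name, sessionId, scope, then the outputs
          // accessToken, IDToken, responseProperties and error
          Set isAuth = ##class(%SYS.OAuth2.AccessToken).IsAuthorized("TestClientA",,,.accessToken,.idToken,.responseProperties,.error)
          If 'isAuth {
              // No valid token is cached: run the client credentials grant
              $$$QuitOnError(##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("TestClientA",,,.error))
              // IsAuthorized returns a %Boolean, not a %Status
              Set isAuth = ##class(%SYS.OAuth2.AccessToken).IsAuthorized("TestClientA",,,.accessToken,.idToken,.responseProperties,.error)
              Quit:'isAuth $$$ERROR($$$GeneralError,"OAuth 2.0 client is not authorized")
          }
          Set AccessToken = accessToken
          Quit $$$OK
      }

    • Replace "TestClientA" with the Client Name configured in the Management Portal [2].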
  4. Payload Transmission:
    Be sure to place the access token in the request’s HTTP headers for authentication:

    Set tSC = pRequest.HTTPHeaders.SetAt("Bearer "_AccessToken, "Authorization")
    

    This lets the remote server authenticate your application using OAuth Client Credentials [2].

Benefits:

  • You don’t need to write complex custom scripts for OAuth handling; you can rely on InterSystems IRIS built-in features and toolkits.
  • These configurations simplify the exchange of HL7 data securely using HTTPS and OAuth 2.0.

Additional References:

If issues arise during implementation or additional customizations are needed, consult the OAuth Integration documentation and the System Administration settings for advanced configurations [1][2].

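A Business Operation that ties the steps in the answer above together, as an added example that is not part of the original thread and not InterSystems' own code. The class name Demo.HL7.OAuthOperation, the OAuthClient setting and the application/hl7-v2 content type are assumptions; the endpoint and SSL/TLS configuration come from the HTTP outbound adapter settings.

```objectscript
/// Added example, not code from the thread. Assumed names: Demo.HL7.OAuthOperation,
/// the OAuthClient setting, and the "application/hl7-v2" content type.
Class Demo.HL7.OAuthOperation Extends Ens.BusinessOperation
{
Parameter ADAPTER = "EnsLib.HTTP.OutboundAdapter";
Parameter SETTINGS = "OAuthClient:OAuth";

/// Name of the OAuth 2.0 client application defined in the Management Portal
Property OAuthClient As %String [ InitialExpression = "TestClientA" ];

Method SendHL7(pRequest As EnsLib.HL7.Message, Output pResponse As Ens.StringContainer) As %Status
{
    Set tSC = ..GetToken(.tToken)
    Quit:$$$ISERR(tSC) tSC
    Set tHttp = ##class(%Net.HttpRequest).%New()
    Set tHttp.ContentType = "application/hl7-v2"
    // The token goes only into the header; this code does not log or trace it
    Do tHttp.SetHeader("Authorization","Bearer "_tToken)
    Do tHttp.EntityBody.Write(pRequest.OutputToString())
    // Server, port, URL and SSL/TLS configuration come from the adapter settings
    Set tSC = ..Adapter.SendFormDataArray(.tResp,"POST",tHttp)
    Quit:$$$ISERR(tSC) tSC
    Set pResponse = ##class(Ens.StringContainer).%New()
    Set pResponse.StringValue = tResp.StatusCode
    Quit $$$OK
}

/// Returns a cached token if one is still valid, otherwise runs the client credentials grant
Method GetToken(Output pToken As %String) As %Status
{
    Set pToken = ""
    // Client credentials has no user session, so sessionId and scope stay empty
    If '##class(%SYS.OAuth2.AccessToken).IsAuthorized(..OAuthClient,,,.pToken,.tId,.tProps,.tErr) {
        Set tSC = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient(..OAuthClient,,,.tErr)
        Quit:$$$ISERR(tSC) tSC
        // IsAuthorized returns a %Boolean, so test it instead of treating it as a %Status
        If '##class(%SYS.OAuth2.AccessToken).IsAuthorized(..OAuthClient,,,.pToken,.tId,.tProps,.tErr) {
            Quit $$$ERROR($$$GeneralError,"No access token for OAuth client "_..OAuthClient)
        }
    }
    Quit $$$OK
}

XData MessageMap
{
<MapItems>
  <MapItem MessageType="EnsLib.HL7.Message"><Method>SendHL7</Method></MapItem>
</MapItems>
}
}
```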