Developing SMART On FHIR Applications with Auth0 and InterSystems IRIS FHIR Server - Introduction

Introduction

I recently participated in a fantastically organized hands-on by @Patrick Jamieson in which an Angular application was configured together with an IRIS FHIR server following the protocols defined by SMART On FHIR and I found it really interesting, so I decided to develop my own Angular application and thus take advantage of what I learned to publish it in the Community.

SMART On FHIR

Let's see what Google tells us about SMART On FHIR:

SMART on FHIR is a data standard that allows applications to access information in electronic health record (EHR) systems. An application developer can write a single application that connects to any EHR system that has adopted the standard.

The main concepts that we are going to handle in SMART On FHIR are:

• Delegated authentication and authorization by OAuth2 or OpenID.
• Management of FHIR resources in the defined context.
• HTTPS communications.

Architecture of our project

For this exercise we have configured the following elements in both Docker and the Auth0 service:

• One application developed in Angular that will act as our front-end, this application has been developed following the principles of SMART On FHIR.
• NGINX web server and reverse proxy that will publish our application developed in Angular.
• Auth0 will provide us with the authentication and authorization service through OAuth2.
• InterSystems IRIS in which we will deploy our FHIR server and to which we will connect through the Web Gateway which includes an Apache Server already available in its Docker image.

Auth0

Although we could delegate the authentication and authorization of users to another IRIS server deployed for this purpose, on this occasion we are going to use the service offered by Auth0.

What is Auth0?

Auth0 is a service that provides us with the entire mechanism to manage authorization and authentication of our platforms.

Auth0 also has specific libraries in different languages to be able to easily integrate with any project, so it is always an option to take into account for developments based on SMART On FHIR.

Including Auth0 in our application.

Since the use of OAuth2 is a required condition for the use of SMART On FHIR, this implies the inclusion of an OAuth2 server in the usual process of authentication, authorization and access to the application. In the following diagram we can see the path taken by the information sent to the system with the Auth0 service:

Let's analyze the process:

• Login request:
  1. Login request: The user accesses the application in their Internet browser and requests to log in.
  2. Login request: The Angular application forwards the request to the Auth0 service.
  3. Login page: Auth0 sends a redirect to your own page to the user's Internet browser.
• Authentication on Auth0:
  1. User credentials: The user enters their email and the password with which they are registered in Auth0.
  2. Authentication & Authorization: Auth0 validates the data and generates an Access_token including the context assigned to the user.
  3. Access_token response & redirection: Auth0 redirects the response to the URL indicated in the project configuration including the generated token.
  4. Patient screen: The Angular application shows the user the page to register their personal data.
• FHIR Resource Record:
  1. Save patient: the user fills out the form with her data and the Angular application transforms the form into a JSON object in the format of the FHIR Patient resource.
  2. POST request: the Angular application sends an HTTP POST call to the FHIR server deployed in IRIS including the access_token as an authentication token in the request header.
  3. POST response: after receiving the POST request via Web Gateway, IRIS checks the validity of the token and the context of the request. If everything is correct, it will validate the resource received and register it on the FHIR server, returning an HTTP 201 indicating the creation of the new resource. and attaching in a header the identifier assigned to the new resource.
  4. Operation success: The Angular application will redirect the user to the screen showing the main functionalities.

Once logged in, the Auth0 library included in the project will be in charge of intercepting all the requests we make to our FHIR server to include the access token received from Auth0.

Coming soon...

In the next articles we are going to see how we have to configure each of the systems involved and finally how to connect it with our Angular application. For those of you who cannot wait, you can consult the README.md present on the GitHub associated with the OpenExchange project linked to this article, which explains in detail how to configure both Auth0 and InterSystems IRIS.