Question about OAuth 2.0 Client (%SYS.OAuth2)

Question

Question

Scott Roth · Dec 1, 2023

#OAuth2 #Health Connect #InterSystems IRIS #InterSystems IRIS for Health

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does

GetAuthorizationCodeEndpoint

and

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

Product version: IRIS 2023.1

$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2023.1.2 (Build 450U) Mon Oct 16 2023 10:40:47 EDT

Discussion (4)2

Log in or sign up to continue

Amy Lin · Dec 4, 2023

These endpoints only return the url. They need to separately be sent as a HTTP request in your authorization process.

0 0

score 0 · Answer 1 · 2023-12-03T10:48:39-05:00

Hi Scott,

I think I cannot help you any further but you're specific question but I'm very interested in this one with Epic.

For my understandig, are you trying to connect to an oAuth2 Interconnect instance with IRIS? What sort of client did you register at the appmarket of Epic. Is this backend integration of patient/practitioner?

score 1 · Answer 2 · 2023-12-03T12:34:15-05:00

Yes I am attempting to connect to Epic Interconnect using OAuth 2.0. I created an internal backend application on vendor services and supplied it with a public key I had generated from our IRIS server.

I just haven’t found the right sequence of code or syntax for the request to happen yet. I’m working with WRC but since Epic suggested using JWT and our systems team doesn’t have a jwks setup it’s been kind of a hard thing to figure out.

score 0 · Answer 3 · 2023-12-04T05:14:35-05:00

Hi Scott,

Would be great if you could post the outcome of the WRC tickey. In the near future we also would like to create a generic backend connection to Epic.

Another part of the backend integration is the check of the JWT. So the JWT should be created at IRIS side with the correct client_id, scoped, audience etc. But on IRIS side you need to create a webpage where the public part of the key is hosted so Epic can check that the JWT is valid: