#Authentication

This article is intended as a beginner level article for people that want to learn how to use OAuth2 in their web applications natively.

There is an accompanying video/demo that may be helpful here: 

and you can reproduce this locally with the Open Exchange application attached.

OAuth2 as a native authentication type for web applications

OAuth (Open Authorization) 2.0 is a standard way to let one application call another application’s API without sharing a username and password.

Also in previous versions you could define your FHIR Server to accept requests via OAuth 2.0 (e.g. for a SMART on FHIR client) but nowadays with v2024.3, which was released a while ago, there is a new feature, that enables doing this more easily - the OAuth FHIR Client QuickStart.

When I was younger (a question about exactly how much younger is outside the scope of this article), the word “token” meant fun. You see, just a couple of times a year, I would get to go to an arcade and play some amusing video games with my friends.

These days, tokens signify security. JSON Web Token (JWT) Authentication has become one of the most popular standards for securing REST APIs. Fortunately for IRIS users, we have a straightforward way to set up applications to be protected this way. Yet, the idea is still similar to my old arcade days.

Hi:

I see a lot of cool REST apps and i'm trying to host something in the TIE using REST/Axios with VITE. 

At the moment i will probably host the application in web applications in Intersytems. 

For authorisation and getting the logged in user and password to any app, is there a standard people are doing? 

I.e. for axios you might have this from the app

auth: {
        username: apiUser,
        password: apiPass
      }

But surely you want to pass through credentials from the IRIS logged in user, or alternatively pass the credential request to IRIS API to first receive the data.

Hi community,

A colleague gets ERROR #822: Access denied every time he tries to log in via Management portal. It is NOT the case of wrong credentials: I reset his password password to a temporary one so it would prompt him to create a new one upon first login. He did get the prompt, changed his password and his next attempt at logging in displayed the same error.

The audit log record displays this:
Error message: ERROR #862: User is restricted from running application /csp/sys/op, %Admin_Operate:U required -- cannot execute.

I am trying to set up a web application with Delegated Authentication via IPM. It is possible to give a specific application Delegated Authentication:

<WebApplication
        Name="/${namespaceLower}/api"
        NameSpace="${namespace}"
        DispatchClass="pkg.isc.genai.rest.Handler"
        MatchRoles=":%All"
        AutheEnabled="#{$$$AutheDelegated}"
        Recurse="1"
        CookiePath="/${namespaceLower}/"
        />

with the AutheEnabled field.

At hackathons that InterSystems participated and I supported, many students were asking how all their teammates could use the same IRIS database that they spun up in a container. I suggested using ngrok to expose their localhost IRIS and realized we don't have documentation on that. Hence, I thought this would be great to let more people knwo about this powerful technique for enhancing collaboration during development and testing.

Step-by-Step Guide to Exposing InterSystems IRIS with ngrok

This guide will walk you through the process of exposing your local InterSystems IRIS instance using ngrok.

Hello,

I need to expose InterSystems HealthInsight dashboards over the internet to external operators. The authentication flow is managed externally. When a user is authenticated, our system receives an HTTP request with specific headers (e.g., operator’s fiscal code and hospital identifier) that we need to extract in order to:

• Authorize the user to access the dashboards.
• Apply row-level security on the dashboards, filtering the data by hospital and user role.

I need to connect to a SFTP server and I seem to connect and timeout have tested the connection using File-zilla and the connection was successful but the problem is when I try to connect using the FTP in bound adapter service I get the following errors.

ERROR <Ens>ErrOutConnectExpired: FTP Connect timeout period (120) expired for ***************.com:990/******/SSL='********* + ERROR <Ens>ErrFTPConnectFailed: FTP: Failed to connect to server ***************.

Over the past couple of months, I have been working on the SMART on FHIR EHR Launch to test the capabilities of IRIS for Health using two open-source apps from CSIRO: SMART-EHR-Launcher and SMART Forms App. This journey has been incredibly interesting, and I’m truly grateful for the opportunity to work on this task and explore more of IRIS for Health’s potential.

After successfully demonstrating the seamless launch of multiple external SMART apps at the HL7 AU FHIR Connectathon, I’m excited to share what I’ve learned with the community.

 JSON Web Token (JWT) Authentication

Hi Everyone,

I would like to share the code and step-by-step instructions/or guideline for generating a JWT (JSON Web Token) signature, as well as how to test it using Postman / HealthConnect.

JWT is an open standard (RFC 7519) that defines a compact, URL-safe method for securely transmitting information between parties in the form of a JSON object.

Structure of a JWT:

A JWT consists of three parts, separated by dots (.):

Hey,

I need to read a directory on a remote server which requires a user to be su. The question is how to correctly read the server response and then to send a su password using IRIS device I/O API (I'm able to read other commands output such as uname, but can't figure out how to switch to su):

// Init SSH session
Set .Session = ##class(%Net.SSH.Session).%New()
Set status = .Session.Connect(.Server)
$$$ThrowOnError(status)
Set status = .Session.AuthenticateWithUsername(.UserName, .Password)
$$$ThrowOnError(status)

// SUDO
#Dim device
Set device = ""
Set status = .