New post

#OAuth2

2

Articles and Questions regarding OAuth2 Authentication.

Hi,

I do have the problem to send mails to outlook after getting the new OAUTH2 token.

I have no problem getting the token, but after I got the token I try to send the mail thru smtp but authorization failed , please see my try to send the token thru the %Net.Authenticator mechanism %Net.SASL.XOAUTH2

Is this ok?

Or is there an other method to authenticate using the needed bearer method instead of user/pwd with the authenticator?

....code to get the token is working..

0 0
0 21
Contestant

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) that offers a lightweight, compact, and self-contained method for securely transmitting information between two parties. It is commonly used in web applications for authentication, authorization, and information exchange.

A JWT is typically composed of three parts:

1. JOSE (JSON Object Signing and Encryption) Header
2. Payload
3. Signature

6 0
3 53

In your Interoperability Production you could always have a Business Operation that is an HTTP client, that uses OAuth 2.0 for authentication, but you had to customize the Operation for this authentication methodology. Since v2024.3, which was lately released, there is a new capability, providing new settings, to handle this more easily.

4 0
0 69

I have started working on utilizing Epic on FHIR about a month ago.

Creating a Public Private Key Pair

mkdir /home/ec2-user/path_to_key
openssl genrsa -out ./path_to_key/privatekey.pem 2048

For backend apps, you can export the public key to a base64 encoded X.509 certificate named publickey509.pem using this command...

Open Exchange app
4 2
1 156

I am trying to work with Epic on FHIR. Epic's documentation stated, your application makes a HTTP POST request to the authorization server's OAuth 2.0 token endpoint to obtain access token.

Set tSC = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient(pClient,pScopes,.prop,.err) returns

ERROR #9761: No key in provided JWKS for alg ES512 and kid

I check this /csp/sys/oauth2/OAuth2.JWTServer.cls?client_name=medbank and I see this:

0 1
0 36

Over the past couple of months, I have been working on the SMART on FHIR EHR Launch to test the capabilities of IRIS for Health using two open-source apps from CSIRO: SMART-EHR-Launcher and SMART Forms App. This journey has been incredibly interesting, and I’m truly grateful for the opportunity to work on this task and explore more of IRIS for Health’s potential.

7 0
0 51

Hi all,

I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.

Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?

2 5
0 424

I want to integrate IRIS with Keycloak OAuth2 provider to use delegated authentication everywhere and to secure everything - sys*/Portal applications, REST services, FHIR server and so on. If an unathenticated user tries to access any IRIS URL - he or she should be redirected to Keycloak. After the user has successfully authenticated, i would like to access his requistes (username, email, roles, scopes) extracted from the JWT token, programmatically. What should be done to achieve that?

1 1
0 111

I finally figured out how to get JWT token using set x = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("medbank","openid fhirUser",.prop,.err).

I also found iris-fhir-client app on Open Exchange. I registered Epic sandbox server, but I cannot list resources. I suspect I need to integrate authorization / authentication. How do I do this with irisfhirclient py?

2 1
0 67

Working on a project where I'm needing to make FHIR calls from my HealthConnect Interop production to Epic.

My issue is I'm not able to construct a valid JWT for the OAuth token retrieval that Epic will accept. I have the below code where I'm able to create a valid header and payload that I'm base64URL encoding and then trying to sign with my .pem private key file. However, Epic is not liking the signature portion of my JWT.

1 1
0 124
Question
· Nov 19, 2024
How to create a signed JWT

I need to create a JWT to connect to EPIC FHIRserver sandbox.

https://fhir.epic.com/Documentation?docId=oauth2&section=BackendOAuth2Guide

You will generate a one-time use JSON Web Token (JWT) to authenticate your app to the authorization server and obtain an access token that can be used to authenticate your app's web service calls. There are several libraries for creating JWTs. See jwt.io for some examples.

0 5
0 130
Question
· Jul 23, 2024
JWT and CORS

Hi

I'm trying to use JWT authentication on a REST application in IRIS. The login API are correctly "injected" into the application. Login works fine with Postman and other REST clients, and subsequent calls to my REST API using the bearer token work fine (correctly authenticated). So far, so good.

0 9
0 246

Based on a great sample and workshop built by @Luis Angel Pérez Ramos (see related articles and related Open Exchange app), which included a local InterSystems IRIS for Health container (and desired setup), this sample presented here, adapted the workshop for using the InterSystems Cloud FHIR Server, and it's related setup.

Open Exchange app
7 2
1 192

I am trying to use IRIS for Health as a Facade for an external FHIR Server, where IRIS provides the proper authentication.
The client authenticates using a bearer token obtained from the IRIS OAuth2 server via a jwt client assertion.
The IRIS endpoint, however, returns a 401 as soon as I remove the Unauthenticated access

Is there w way to make this work through configuration?

0 1
0 63

In the last article we presented the architecture of our SMART On FHIR project, so it's time to get down to business and start configuring all the elements that we are going to need.

We will first start with Auth0.

AUTH0 configuration

We will start by creating an Auth0 account with a valid email, once registered we will have to create our first application, and we will do it from the menu on the left:

Application menu

Open Exchange app
6 1
2 468
Question
· Aug 18, 2024
Microsoft Entra and IRIS

Dear All,

I am currently part of a team that is developing an application using Microsoft PowerApps as the front end and IRIS as the backend. Effectively that frontend screens, which are house and an Azure serve, call a series of REST interfaces exposed by IRIS from a physical Microsoft server. During the development stage we have not had any security in place but now we need to secure the application using a single sign on. PowerApps relies on Microsoft Entra for its security both LDAP and OAuth. Has anyone in the community connected IRIS to Microsoft Entra?

0 2
0 163

Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?

0 1
0 145

Hello,

I have my server setup a resource server. When a user calls our API they submit a bearer token as authorization and in our dispatch class AccessCheck() we validate the JWT using ##class(%SYS.OAuth2.Validation).ValidateJWT().

If I include a scope to check in that method I get the error Scope check may only be done on requesting client and I'm not sure what this means. The method works without include the scope and will let me know if I have an unsigned token or an expired token.

0 5
0 266

Say I've been developing a web application that uses IRIS as the back end. I've been working on it with unauthenticated access. It's getting to the point where I would like to deploy it to users, but first I need to add authentication. Rather than using the default IRIS password authentication, I'd like users to sign in with my organization's Single Sign On, or some other popular identity provider like Google or GitHub. I've read that OpenID Connect is a common authentication standard, and it's supported by IRIS. What is the simplest way to get up and running?

7 2
3 1K

The objective of the article is to provide the reader with the following informations:

  • Configure and use the FHIR server
  • Create an OAuth2 Authorization Server
  • Bind the FHIR server to the OAuth2 Authorization Server for support of SMART on FHIR
  • Use the interoperability capabilities of IRIS for Health to filter FHIR resources
  • Create a custom operation on the FHIR server

Schema of the article:

Schema

Open Exchange app
8 3
6 398

We conclude this series of SMART On FHIR articles with Auth0 and InterSystems IRIS FHIR Repository by reviewing our application developed in Angular 16.

Let's remember what the architecture defined for our solution is like:

Our front-end application corresponds to the second column and as you can see it will be in charge of two things:

Open Exchange app
7 0
3 434