We have an OAuth server configured as an identity provider, and we have an external application (from another provider) that connects correctly with OAuth.
Due to the needs of the project, what we want to do is the following:
I am trying to work with Epic on FHIR. Epic's documentation stated, your application makes a HTTP POST request to the authorization server's OAuth 2.0 token endpoint to obtain access token.
Set tSC = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient(pClient,pScopes,.prop,.err) returns
ERROR #9761: No key in provided JWKS for alg ES512 and kid
I check this /csp/sys/oauth2/OAuth2.JWTServer.cls?client_name=medbank and I see this:
I want to integrate IRIS with Keycloak OAuth2 provider to use delegated authentication everywhere and to secure everything - sys*/Portal applications, REST services, FHIR server and so on. If an unathenticated user tries to access any IRIS URL - he or she should be redirected to Keycloak. After the user has successfully authenticated, i would like to access his requistes (username, email, roles, scopes) extracted from the JWT token, programmatically. What should be done to achieve that?
I finally figured out how to get JWT token using set x = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("medbank","openid fhirUser",.prop,.err).
I also found iris-fhir-client app on Open Exchange. I registered Epic sandbox server, but I cannot list resources. I suspect I need to integrate authorization / authentication. How do I do this with irisfhirclient py?
I have an API set up in IRIS which is secured using an IRIS authentication service, so there is a bearer token being passed down in the request header.
I'm trying to use JWT authentication on a REST application in IRIS. The login API are correctly "injected" into the application. Login works fine with Postman and other REST clients, and subsequent calls to my REST API using the bearer token work fine (correctly authenticated). So far, so good.
I am trying to use IRIS for Health as a Facade for an external FHIR Server, where IRIS provides the proper authentication.
The client authenticates using a bearer token obtained from the IRIS OAuth2 server via a jwt client assertion.
The IRIS endpoint, however, returns a 401 as soon as I remove the Unauthenticated access
Is there w way to make this work through configuration?
I am currently part of a team that is developing an application using Microsoft PowerApps as the front end and IRIS as the backend. Effectively that frontend screens, which are house and an Azure serve, call a series of REST interfaces exposed by IRIS from a physical Microsoft server. During the development stage we have not had any security in place but now we need to secure the application using a single sign on. PowerApps relies on Microsoft Entra for its security both LDAP and OAuth. Has anyone in the community connected IRIS to Microsoft Entra?
By update