I'm playing with OAuth2 with FHIR Server, but returned tokens cause 401 or 403 errors when trying to get FHIR resources.
I tried using fhir-client.js and Postman. Access tokens returned have been failing for both, with a 401 when trying through fhir-client.js and a 403 using Postman.
I am trying to configure OAuth2 server to connect to Cerner Auth server to get FHIR API access token but I am getting the error "Discovery response not valid".
I can get the access token back okay from Cerner endpoint used in the OAuth configuration below via Postman and Manually sending the request via HTTP Operation from HealthShare, so the URLs I am using looks correct but the OAuth configuration is not working.
I'm trying to authorise my app using OAuth 2.0 i Cache. Sadly I'm unable to exchange the authorization code for an access token.
I am able to redirect user to the /authorize page, where the user can login and approve my app. The user is then correctly redirected back to my app and a ?code parameter is sent back.
Since the ObjectScript plug-ins for VS Code use web services to connect to IRIS, is it possible for a VS Code user to authenticate against IRIS using OAuth?
I am trying to get FHIR Resource using OAuth 2.0 . I get access_token sucessfully but when I use this token i get this type of error in postman. It is showing 401 Unauthorized please suggest any solution.
I have been tinkering with FHIR recently and tried to update the FHIR servers Capability Statement after I made some changes. I updated an OAuth2.Issuer Service Registry entrys URL and needed to update the metadata which the FHIR server sends to the client so they can get the updated URL for the authorization server we use.
I'm trying to save a list of AccessTokens a user for a specific user. This way I could present it together with other user-data.
I have tried calling ##class(OAuth2.Server.AccessToken).OpenByCode(authCode) from %OAuth2.Server.Authenticate's AfterAuthenticate() method. This only returns things like State and AuthorizationCode, but the AccessToken is empty at this point (afterwards it becomes filled out).
Is there a way to achieve storing the AccessToken as part of the login system?
I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.
I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.
Can anyone point me in the right direction on how to resolve the issue I'm encountering.
I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.
Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?
I am very much a newbe on the subject of JWT, so please except my ignorance.
The Trust I am currently working for wish to create a framework whereby they can create REST API Services, within HealthConnect, and grant access to these using JSON Web Token Authorisation and Bearer Tokens. This would be similar to the way the Trust currently connects to other REST API's, i.e.: DocMan Connect and GOV.UK Notify.
Can anyone offer any advice / sample code and / or point me into the direct of suitable documentation to achieve this?
a HealthConnect customer of ours came across with a question to use an external service via REST and OpenID within one of his HealthConnect (2020.1) productions. The overal idea is to send data to the external system after receiving a baerer token to use for the communication between HealthConnect and this system.
we are evaluating IRIS Data Platform as an OAuth2 Authorization Server with the use of the official Docker image. We currently struggle with the OAuth2 setup, as we are required to use https:// for the /oauth2/authorize and /oauth2/token endpoints, but the Docker container exposes only http:// in its default configuration. We have tried to find any hints in the docs but were not successful. Any help is appreciated.
In .NET Core you have an option to extend a session using a "sliding expiration". This means that if over half the time has passed and the user actively uses their session then the expiry timer gets reset and the user remains logged in. This can lead to the curious situation where you have an active authenticated user with an expired access token being used in data-access requests.
OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.
Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:
I have an OAuth 2.0 development environment where Caché is serving all three roles as the Authorization Server, Client and Resource Server based on a great 3-part series on OAuth 2.0 by @Daniel Kutac. I have a simple password grant type where an x-www-form-urlencoded body (as described in this post) is sent as a POST to the token endpoint at https://localhost:57773/oauth2/tokenand a response body with a HTTP Response 200 header is returned. The response body looks something like this.
Most of my development experience is with HL7v2 interfaces and I don't have a background in web development and I'm very weak with javascript.
I'm looking for suggestions of learning resources to learn FHIR and 'SMART on FHIR' (JavaScript, OpenID connect, OAuth2) for developers like myself who mostly do HL7v2 integrations - but see FHIR as the future - and want to develop their skills!
I'm using Caché as an OAuth authorization server and I want to accept the password credentials grant type. I've found that if I make an authorize request, the Caché authorization server requires some URL parameters that shouldn't be required in password grant (redirect_uri, state, scope, and response_type). If I include these parameters, it calls my DirectLogin() method instead of just calling ValidateUser() as I would expect from the docs. I have two questions:
Hi.. I have an issue where we are using OAuth2.0 with the ZAUTHENTICATE routine. Once our token is validated we are using a users lan id (passed on the ID token) to find a software defined username in a Cache Global.
That is all working fine in ZAUTHENTICATE.. I am setting the software defined username in the Properties("Comment") array and wanting to reference it in the Rest Service Dispatch class.
i come back to you , i've a problem with Client description in Oauth2, when i tick the Supported grant types and i save , there are not registred on the OAuth2_Client.Metadata table .
i want to implement an Oauth 2.0 framework in my application , i define my connexion IHM, i want to check if the login and password are right when a user connect
Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants). Is that coming in 2017.2?
In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?
By date
.png)
.png)
I unable to change response Class.