New post

#OAuth2

2

Articles and Questions regarding OAuth2 Authentication.

I have an OAuth 2.0 development environment where Caché is serving all three roles as the Authorization Server, Client and Resource Server based on a great 3-part series on OAuth 2.0 by @Daniel Kutac. I have a simple password grant type where an x-www-form-urlencoded body (as described in this post) is sent as a POST to the token endpoint at https://localhost:57773/oauth2/token and a response body with a HTTP Response 200 header is returned. The response body looks something like this.

2 3
0 2.6K

I finally figured out how to get JWT token using set x = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("medbank","openid fhirUser",.prop,.err).

I also found iris-fhir-client app on Open Exchange. I registered Epic sandbox server, but I cannot list resources. I suspect I need to integrate authorization / authentication. How do I do this with irisfhirclient py?

2 1
0 71
Question
· Nov 17, 2023
Testing OAuth2

I am attempting to setup my first OAuth2 client, as we are adventuring into the realm of making FHIR API calls to our EMR from HealthShare Health Connect.

I have gone through and set up the Issuer Endpoint, and Client Configuration but now I want to test it and verify that the setup is correct. When I setup the Client Configuration, it would not allow me to use Discovery as it was saying I needed a "Client secret" but was not given one. So I set it up manually, thinking I hit all the information correctly.

2 2
0 341

Hi all,

I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.

Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?

2 5
0 426

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does 

GetAuthorizationCodeEndpoint

and 

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

1 4
0 320

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

1 0
0 162

I'm using Caché as an OAuth authorization server and I want to accept the password credentials grant type. I've found that if I make an authorize request, the Caché authorization server requires some URL parameters that shouldn't be required in password grant (redirect_uri, state, scope, and response_type). If I include these parameters, it calls my DirectLogin() method instead of just calling ValidateUser() as I would expect from the docs. I have two questions:

1 3
1 711

Working on a project where I'm needing to make FHIR calls from my HealthConnect Interop production to Epic.

My issue is I'm not able to construct a valid JWT for the OAuth token retrieval that Epic will accept. I have the below code where I'm able to create a valid header and payload that I'm base64URL encoding and then trying to sign with my .pem private key file. However, Epic is not liking the signature portion of my JWT.

1 1
0 129

Hi,

Most of my development experience is with HL7v2 interfaces and I don't have a background in web development and I'm very weak with javascript.

I'm looking for suggestions of learning resources to learn FHIR and 'SMART on FHIR' (JavaScript, OpenID connect, OAuth2) for developers like myself who mostly do HL7v2 integrations - but see FHIR as the future - and want to develop their skills!

I've found these

1 1
1 1.6K

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:

1 3
1 932
Question
· Jun 15, 2016
Oauth 1.0 library

I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE 06/28/2016]

1 3
0 618

I want to integrate IRIS with Keycloak OAuth2 provider to use delegated authentication everywhere and to secure everything - sys*/Portal applications, REST services, FHIR server and so on. If an unathenticated user tries to access any IRIS URL - he or she should be redirected to Keycloak. After the user has successfully authenticated, i would like to access his requistes (username, email, roles, scopes) extracted from the JWT token, programmatically. What should be done to achieve that?

1 1
0 116

Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants). Is that coming in 2017.2?

In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?

Thanks.

0 3
0 704

I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.

I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.

Can anyone point me in the right direction on how to resolve the issue I'm encountering.

0 1
0 618

Hi,

I am a beginner on intersystems technologies ! and i want implements Oauth2 for our projects ( Angular 2 + Caché REST Backend).

i read the article that the link is below :

https://community.intersystems.com/post/cach%C3%A9-open-authorization-framework-oauth-20-implementation-part-1

But : i need to create all servers ( Auth and Resource ) on Caché and dont' to use google server.

0 4
0 932

I'm trying to save a list of AccessTokens a user for a specific user. This way I could present it together with other user-data.

I have tried calling ##class(OAuth2.Server.AccessToken).OpenByCode(authCode) from %OAuth2.Server.Authenticate's AfterAuthenticate() method. This only returns things like State and AuthorizationCode, but the AccessToken is empty at this point (afterwards it becomes filled out).

Is there a way to achieve storing the AccessToken as part of the login system?

0 1
0 288
Question
· Oct 30, 2017
Oauth 2.0 framework

Hi Team

i want to implement an Oauth 2.0 framework in my application , i define my connexion IHM, i want to check if the login and password are right when a user connect

do you've any idea ?

thank's

0 2
0 552

Hello,

I have been tinkering with FHIR recently and tried to update the FHIR servers Capability Statement after I made some changes. I updated an OAuth2.Issuer Service Registry entrys URL and needed to update the metadata which the FHIR server sends to the client so they can get the updated URL for the authorization server we use.

However, when I run the Console Setup tool with

0 2
0 432

Hello,

I have my server setup a resource server. When a user calls our API they submit a bearer token as authorization and in our dispatch class AccessCheck() we validate the JWT using ##class(%SYS.OAuth2.Validation).ValidateJWT().

If I include a scope to check in that method I get the error Scope check may only be done on requesting client and I'm not sure what this means. The method works without include the scope and will let me know if I have an unsigned token or an expired token.

0 5
0 269

Hi,

I do have the problem to send mails to outlook after getting the new OAUTH2 token.

I have no problem getting the token, but after I got the token I try to send the mail thru smtp but authorization failed , please see my try to send the token thru the %Net.Authenticator mechanism %Net.SASL.XOAUTH2

Is this ok?

Or is there an other method to authenticate using the needed bearer method instead of user/pwd with the authenticator?

....code to get the token is working..

0 0
0 26

Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?

0 1
0 150
Question
· Dec 5, 2017
Client description Oauth2

Hi community ,

i come back to you , i've a problem with Client description in Oauth2, when i tick the Supported grant types and i save , there are not registred on the OAuth2_Client.Metadata table .

can you tell me where is the problem please.

you will find attached a screenshot.

thank's

0 2
0 545
Question
· Jul 23, 2024
JWT and CORS

Hi

I'm trying to use JWT authentication on a REST application in IRIS. The login API are correctly "injected" into the application. Login works fine with Postman and other REST clients, and subsequent calls to my REST API using the bearer token work fine (correctly authenticated). So far, so good.

0 9
0 258