New post

#OAuth2

3

Articles and Questions regarding OAuth2 Authentication.

Hi all,

I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.

Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?

2 5
0 455

I finally figured out how to get JWT token using set x = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("medbank","openid fhirUser",.prop,.err).

I also found iris-fhir-client app on Open Exchange. I registered Epic sandbox server, but I cannot list resources. I suspect I need to integrate authorization / authentication. How do I do this with irisfhirclient py?

2 1
0 102
Question
· Nov 17, 2023
Testing OAuth2

I am attempting to setup my first OAuth2 client, as we are adventuring into the realm of making FHIR API calls to our EMR from HealthShare Health Connect.

I have gone through and set up the Issuer Endpoint, and Client Configuration but now I want to test it and verify that the setup is correct. When I setup the Client Configuration, it would not allow me to use Discovery as it was saying I needed a "Client secret" but was not given one. So I set it up manually, thinking I hit all the information correctly.

2 2
0 369

Hi Community,

Watch this video to learn about the new and future changes to the security framework in the HealthShare product suite. Topics include OAuth 2.0, SSO, and the Universal Login Page:

Updates in Security in the HealthShare Suite @ Global Summit 2022

https://www.youtube.com/embed/ypX0QnWisNk
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

2 0
0 248
Article
· Mar 7, 2023 10m read
Reference for the JSON Web Classes

Foreword

InterSystems IRIS versions 2022.2 and newer feature a redesigned functionality for JSON web tokens (JWTs). Once housed under the %OAuth2 class package, the JWT class, along with other JSON web classes (JWCs), now live under %Net.JSON. This migration occured in order to modularize the JWCs. Before, they were closely intertwined with the implementation for the OAuth 2.0 framework. Now, they can be maintained and used separately from OAuth2.

2 0
0 633

I have an OAuth 2.0 development environment where Caché is serving all three roles as the Authorization Server, Client and Resource Server based on a great 3-part series on OAuth 2.0 by @Daniel Kutac. I have a simple password grant type where an x-www-form-urlencoded body (as described in this post) is sent as a POST to the token endpoint at https://localhost:57773/oauth2/token and a response body with a HTTP Response 200 header is returned. The response body looks something like this.

2 3
0 2.7K

InterSystems IRIS 2025.2.0 introduces several features to improve the user experience of configuring OAuth2.

- OAuth2 is now a native authentication type and can be easily enabled for your services and web applications. Previously, OAuth2 was a type of delegated authentication.

- You can now create resource servers with the new OAuth2.ResourceServer class, which simplifies resource server configuration significantly. Previously, resource servers were instances of OAuth2.Client.

1 0
0 68

I want to integrate IRIS with Keycloak OAuth2 provider to use delegated authentication everywhere and to secure everything - sys*/Portal applications, REST services, FHIR server and so on. If an unathenticated user tries to access any IRIS URL - he or she should be redirected to Keycloak. After the user has successfully authenticated, i would like to access his requistes (username, email, roles, scopes) extracted from the JWT token, programmatically. What should be done to achieve that?

1 1
0 173

Working on a project where I'm needing to make FHIR calls from my HealthConnect Interop production to Epic.

My issue is I'm not able to construct a valid JWT for the OAuth token retrieval that Epic will accept. I have the below code where I'm able to create a valid header and payload that I'm base64URL encoding and then trying to sign with my .pem private key file. However, Epic is not liking the signature portion of my JWT.

1 1
0 158

Hi Developers,

Get an overview of InterSystems IRIS in the different roles in OAuth 2.0 and the configuration menus for those roles. Watch practical demos of InterSystems IRIS in those roles and see how they connect back to OAuth 2.0 concepts:

OAuth 2.0 in Practice with InterSystems Products @ Global Summit 2023

https://www.youtube.com/embed/4jAeztgR0Gs
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
0 288

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

1 0
0 169

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does 

GetAuthorizationCodeEndpoint

and 

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

1 4
0 342
Question
· Jun 15, 2016
Oauth 1.0 library

I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE 06/28/2016]

1 3
0 653

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:

1 3
1 974

Hi,

Most of my development experience is with HL7v2 interfaces and I don't have a background in web development and I'm very weak with javascript.

I'm looking for suggestions of learning resources to learn FHIR and 'SMART on FHIR' (JavaScript, OpenID connect, OAuth2) for developers like myself who mostly do HL7v2 integrations - but see FHIR as the future - and want to develop their skills!

I've found these

1 1
1 1.7K

I'm using Caché as an OAuth authorization server and I want to accept the password credentials grant type. I've found that if I make an authorize request, the Caché authorization server requires some URL parameters that shouldn't be required in password grant (redirect_uri, state, scope, and response_type). If I include these parameters, it calls my DirectLogin() method instead of just calling ValidateUser() as I would expect from the docs. I have two questions:

1 3
1 737

Hi,

I do have the problem to send mails to outlook after getting the new OAUTH2 token.

I have no problem getting the token, but after I got the token I try to send the mail thru smtp but authorization failed , please see my try to send the token thru the %Net.Authenticator mechanism %Net.SASL.XOAUTH2

Is this ok?

Or is there an other method to authenticate using the needed bearer method instead of user/pwd with the authenticator?

....code to get the token is working..

0 0
0 57

I am trying to work with Epic on FHIR. Epic's documentation stated, your application makes a HTTP POST request to the authorization server's OAuth 2.0 token endpoint to obtain access token.

Set tSC = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient(pClient,pScopes,.prop,.err) returns

ERROR #9761: No key in provided JWKS for alg ES512 and kid

I check this /csp/sys/oauth2/OAuth2.JWTServer.cls?client_name=medbank and I see this:

0 1
0 65
Question
· Nov 19, 2024
How to create a signed JWT

I need to create a JWT to connect to EPIC FHIRserver sandbox.

https://fhir.epic.com/Documentation?docId=oauth2&section=BackendOAuth2Guide

You will generate a one-time use JSON Web Token (JWT) to authenticate your app to the authorization server and obtain an access token that can be used to authenticate your app's web service calls. There are several libraries for creating JWTs. See jwt.io for some examples.

0 5
0 190
Question
· Jul 23, 2024
JWT and CORS

Hi

I'm trying to use JWT authentication on a REST application in IRIS. The login API are correctly "injected" into the application. Login works fine with Postman and other REST clients, and subsequent calls to my REST API using the bearer token work fine (correctly authenticated). So far, so good.

0 9
0 362