Hey Developers,

Enjoy watching the new video on InterSystems Developers YouTube:

⏯ Achieving Single Sign-On: External Providers, HealthShare Unified Care Record, Clinical Viewer @ Global Summit 2022

Foreword

InterSystems IRIS versions 2022.2 and newer feature a redesigned functionality for JSON web tokens (JWTs). Once housed under the %OAuth2 class package, the JWT class, along with other JSON web classes (JWCs), now live under %Net.JSON. This migration occured in order to modularize the JWCs. Before, they were closely intertwined with the implementation for the OAuth 2.0 framework. Now, they can be maintained and used separately from OAuth2.

Note: For backwards compatibility, the classes still exist under %OAuth2 package, but the codebase now uses %Net.JSON.

The goal of this article is t

Hi!

I'm playing with OAuth2 with FHIR Server, but returned tokens cause 401 or 403 errors when trying to get FHIR resources.

I tried using fhir-client.js and Postman. Access tokens returned have been failing for both, with a 401 when trying through fhir-client.js and a 403 using Postman.

Here are my settings:

 

fhir-client.js launch page

<!DOCTYPE html><html><head><scriptsrc="https://cdn.jsdelivr.net/npm/fhirclient@2.5.2/build/fhir-client.js"></script></head><body>Loading...</body><scr

Hi, 

I am trying to configure OAuth2 server to connect to Cerner Auth server to get FHIR API access token but I am getting the error "Discovery response not valid".

I can get the access token back okay from Cerner endpoint used in the OAuth configuration below via Postman and Manually sending the request via HTTP Operation from HealthShare, so the URLs I am using looks correct but the OAuth configuration is not working.   

Not sure if this is issue from Cerner side or HealthShare side. I tried enabling debugging but nothing useful.  

Client: Northwell Health

Role: Senior Developer

Location: Remote

Duration: 6+ Months

Description:

Team Overview:

The FHIR Platform team is tasked with providing the core infrastructure in providing access to Northwell HIE patient data complying with HL7 FHIR and USCDI standards.

Position Summary:

The primary purpose of this role is to provide technical design, coding, testing and documentation for multiple components in the FHIR solution.

Responsibilities:

• Develop end-to-end solutions, participate in code reviews, unit test and deploy.

• Documentation of technical d

You have read about OAuth2 / OpenID Connect but you don't know how to use it? Have you ever needed to implement Single Sign-On (SSO) or secure web services based on tokens? Did you have to add authentication / authorization to your web applications or services and you didn't know how to start?

What about a step by step example where you can set up an authorization server, a client and a resource server? Here you can find an example where you will configure InterSystems IRIS instances to act as each one of these OAuth2 roles.

A brief introduction

Authentication is the process of verifying that

Hey Developers,

In the second part, you will learn how to build a FHIR Application with OAuth 2.0 and OKTA:

⏯ Securing FHIR Applications with OAuth 2.0 (Part 2)

Since the ObjectScript plug-ins for VS Code use web services to connect to IRIS, is it possible for a VS Code user to authenticate against IRIS using OAuth?

Hello, developers!

In this article, I will show you how to configure FHIR repository + OAuth2 authorization server/resource server on IRIS for Health following the previous article.

In Part 1, we introduced the preliminary preparations, configuring the OAuth2 authorization server, and obtaining the access token.
Part 2 will show you how to build an FHIR repository and configure an OAuth2 client/resource server.

The FHIR repository configuration and the OAuth2 client/resource server that we will configure today can be used separately from the IRIS instance of the OAuth2 authorization server tha

Hi Community, 

Join us for this introduction to the terminology and workflow of using OAuth 2.0 with an HL7 FHIR server:

⏯ Securing FHIR Applications with OAuth 2.0 (Part 1)

LS,

Is there a samples on how to create the OAuth2 server from code? Now trying:
 

Hello,

I have been tinkering with FHIR recently and tried to update the FHIR servers Capability Statement after I made some changes. I updated an OAuth2.Issuer Service Registry entrys URL and needed to update the metadata which the FHIR server sends to the client so they can get the updated URL for the authorization server we use.

However, when I run the Console Setup tool with

do ##class(HS.FHIRServer.ConsoleSetup).Setup()

I get an error while the update is happening that %ZHS.HC.OAuth2.Utils class cannot be found. I wonder why this happens. I cannot find any information about that class

In this article I will demonstrate basics of OAuth2 authentication with GitHub account with the help of online demo 
https://dappsecurity.demo.community.intersystems.com/csp/user/index.csp by using SuperUser | SYS

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

In the previous part of this short series, we have learned about simple use case – acting as an OAUTH[1] client. Now, it’s time to bring our experience to a whole new level. We are going to build much more complex environment, where InterSystems IRIS is going to play a

Hi Developers!

Here're the technology bonuses for the Security Contest 2021 that will give you extra points in the voting:

• Basic Authentication usage - 2
• Bearer/JWT Authentication usage - 3
• OAuth 2.0 usage - 5
• Authorization components usage - 2
• Auditing usage - 2
• Data Encryption usage - 2
• Docker container usage - 2 
• ZPM Package deployment - 2
• Online Demo - 2
• Code Quality pass - 1
• Article on Developer Community - 2
• Video on YouTube - 3

See the details below.

I'm trying to save a list of AccessTokens a user for a specific user. This way I could present it together with other user-data.

I have tried calling ##class(OAuth2.Server.AccessToken).OpenByCode(authCode) from %OAuth2.Server.Authenticate's AfterAuthenticate() method. This only returns things like State and AuthorizationCode, but the AccessToken is empty at this point (afterwards it becomes filled out).

Is there a way to achieve storing the AccessToken as part of the login system?

I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.

I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.

Can anyone point me in the right direction on how to resolve the issue I'm encountering. 

Screenshot 1: When I set "Source other than dynamic registration" to "JWKS from URL" under "JSON Web Token (JWT) Settings"

Let's imagine if you would like to write some real web application, for instance, some simple clone of medium.com. Such sort of application can be written using any different language on the backend side, or with any framework on the frontend side. So many ways to do the same application, and you can look at this project. Which offers a bunch of frontends and backends realizations for exactly the same application. And you can easily mix them, any chosen frontend should work with any backend.

Let me introduce the same application realization for InterSystems IRIS on a backend side.

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

The second part discussed and showed in detail the steps needed to configure IAM to validate the access token present in the incoming request and forward the request to the backend if the validation s

Hello, developers!

In this article, we will focus on OAuth2, a protocol that is increasingly being used in combination with FHIR to perform authorization.

In this part 1, we will start up the Docker container for IRIS for Health and Apache, configure the OAuth2 authorization server function on IRIS for Health, access it from the REST development tool Postman, and obtain an access token. Besides, in Part 2 and beyond, we will add FHIR repository functionality to IRIS for Health, add OAuth2 resource server configuration, and explain how to execute FHIR requests with access tokens from Postman.

S

Hi,

I am very much a newbe on the subject of JWT, so please except my ignorance.

The Trust I am currently working for wish to create a framework whereby they can create REST API Services, within HealthConnect, and grant access to these using JSON Web Token Authorisation and Bearer Tokens. This would be similar to the way the Trust currently connects to other REST API's, i.e.: DocMan Connect and GOV.UK Notify.

Can anyone offer any advice / sample code and / or point me into the direct of suitable documentation to achieve this?

Also, any advice on how to set-up and use OAuth and OpenID Conne

How can you allow computers to trust one another in your absence while maintaining security and privacy?

“A Dry Martini”, he said. “One. In a deep champagne goblet.”
“Oui, monsieur.”
“Just a moment. Three measures of Gordons, one of vodka, half a measure of Kina Lillet. Shake it very well until it’s ice-cold, then add a large thin slice of lemon peel. Got it?”
"Certainly, monsieur." The barman seemed pleased with the idea.
Casino Royale, Ian Fleming, 1953

OAuth helps to separate services with user credentials from “working” databases, both physically and geographically. It thereby strengthens the protection of identification data and, if necessary, helps you comply with the requirements of countries' data protection laws.

With OAuth, you can provide the user with the ability to work safely from multiple devices at once, while "exposing" personal data to various services and applications as little as possible. You can also avoid taking on "excess" data about users of your services (i.e. you can process data in a depersonalized form).

Hi all,

a HealthConnect customer of ours came across with a question to use an external service via REST and OpenID within one of his HealthConnect  (2020.1) productions. The overal idea is to send data to the external system after receiving a baerer token to use for the communication between HealthConnect and this system.

Since I´ve never done such thing before I have an idea to solve this task but looking for a best practise way to do so. Using the RESt-Api of the external system is not the question here. More interesting is the mechanismn to receive a new bearer token and use it in the co

Introduction

Nowadays, there is a lot of applications that are using Open Authorization framework (OAuth) to access resources from all kinds of services in a secure, reliable and efficient manner. InterSystems IRIS is already compatible with OAuth 2.0 framework, in fact, there is a great article in the community regarding OAuth 2.0 and InterSystems IRIS in the following link here.

However, with the advent of API Management tools, some organizations are using it as a single point of authentication, preventing unauthorized requests to arrive at downstream services and decoupling authorization/

This article, and following two articles of the series, is intended as a user guide for developers or system administrators, who need to work with OAuth 2.0 framework (further referred to as OAUTH for simplicity) in their InterSystems product based applications.

Hi!

we are evaluating IRIS Data Platform as an OAuth2 Authorization Server with the use of the official Docker image. We currently struggle with the OAuth2 setup, as we are required to use https:// for the /oauth2/authorize and /oauth2/token endpoints, but the Docker container exposes only http:// in its default configuration. We have tried to find any hints in the docs but were not successful. Any help is appreciated.

Thanks

Klaus & Lukas

In .NET Core you have an option to extend a session using a "sliding expiration". This means that if over half the time has passed and the user actively uses their session then the expiry timer gets reset and the user remains logged in. This can lead to the curious situation where you have an active authenticated user with an expired access token being used in data-access requests.

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:  

https://52773b-62955584.labs.learning.intersystems.com/oauth2/authorize?response_type=code&client_id=nHCv5A-u_5T1YAwk_tJ7xpi1ky-s2AnRQMaL6YHsUgU&redirect_uri=https%3A//52773b-99792125.labs.learning.intersystems.com/csp/sys/oauth2/OAuth2.Response.cls&scope=scop

I have an OAuth 2.0 development environment where Caché is serving all three roles as the Authorization Server, Client and Resource Server based on a great 3-part series on OAuth 2.0 by @Daniel Kutac. I have a simple password grant type where an x-www-form-urlencoded body (as described in this post) is sent as a POST to the token endpoint at https://localhost:57773/oauth2/token and a response body with a HTTP Response 200 header is returned. The response body looks something like this.

Presenter: Dan Kutac
Task: Use a common login identity and a central mechanism of authentication across environments from multiple entities
Approach: Provide examples and code samples of an application environment using OpenID Connect and OAuth 2.0
 

Description: In this session we will demonstrate an application environment using OpenID Connect and OAuth 2.0. Hear how this is done and what options you have; and yes, you get to keep the code.

Problem: How to use a a common login identity (e.g. Facebook credentials) and a central mechanism of authorization cross environments from multiple entities.

Solution: Create awareness and interest in using OAuth 2.0

Content related to this session, including slides, video and additional learning content can be found here.