New post

#OAuth2

2

Articles and Questions regarding OAuth2 Authentication.

I am trying to setup a OAuth2.0 configuration to connect to a server within our Network using OAuth2.0. My previous attempt worked, however forgot to capture the steps before I had whipped the System so please bear with me.

I have an SSL/TLS Client configuration setup as we use the setup for our LDAP configuration.

When I go through the following steps within the Terminal, I am getting the following error...

0 4
0 62

Hello,

I have my server setup a resource server. When a user calls our API they submit a bearer token as authorization and in our dispatch class AccessCheck() we validate the JWT using ##class(%SYS.OAuth2.Validation).ValidateJWT().

If I include a scope to check in that method I get the error Scope check may only be done on requesting client and I'm not sure what this means. The method works without include the scope and will let me know if I have an unsigned token or an expired token.

0 5
0 82

The objective of the article is to provide the reader with the following informations:

  • Configure and use the FHIR server
  • Create an OAuth2 Authorization Server
  • Bind the FHIR server to the OAuth2 Authorization Server for support of SMART on FHIR
  • Use the interoperability capabilities of IRIS for Health to filter FHIR resources
  • Create a custom operation on the FHIR server

Schema of the article:

Schema

Open Exchange app
8 3
6 229

We conclude this series of SMART On FHIR articles with Auth0 and InterSystems IRIS FHIR Repository by reviewing our application developed in Angular 16.

Let's remember what the architecture defined for our solution is like:

Our front-end application corresponds to the second column and as you can see it will be in charge of two things:

Open Exchange app
7 0
3 202

In the last article we presented the architecture of our SMART On FHIR project, so it's time to get down to business and start configuring all the elements that we are going to need.

We will first start with Auth0.

AUTH0 configuration

We will start by creating an Auth0 account with a valid email, once registered we will have to create our first application, and we will do it from the menu on the left:

Application menu

Open Exchange app
5 0
2 187

Introduction

I recently participated in a fantastically organized hands-on by @Patrick Jamieson in which an Angular application was configured together with an IRIS FHIR server following the protocols defined by SMART On FHIR and I found it really interesting, so I decided to develop my own Angular application and thus take advantage of what I learned to publish it in the Community.

SMART On FHIR

Let's see what Google tells us about SMART On FHIR:

Open Exchange app
2 0
1 145

Hi Developers,

Get an overview of InterSystems IRIS in the different roles in OAuth 2.0 and the configuration menus for those roles. Watch practical demos of InterSystems IRIS in those roles and see how they connect back to OAuth 2.0 concepts:

OAuth 2.0 in Practice with InterSystems Products @ Global Summit 2023

https://www.youtube.com/embed/4jAeztgR0Gs
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
0 141

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

1 0
0 90

Hi Developers,

Watch this video to learn the different roles in OAuth 2.0, scopes, tokens, important authentication flows/grant types, and more:

OAuth 2.0 Fundamentals @ Global Summit 2023

https://www.youtube.com/embed/5zLdCs5cCd0
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 4
0 221

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does 

GetAuthorizationCodeEndpoint

and 

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

1 4
0 200

Hello,

I have created a service in Node.js which interacts with IRIS using APIs. The current implementation uses basic auth. I want to implement OAuth 2, to make the communication between the node.js service and IRIS secure. I want my service to act as client and IRIS as Authorization and Resource server. I don't know how to do that. Anyone who has implemented OAuth using IRIS can you help me out or point me in the right direction on about how to implement it?

Thank you for your help :)

0 6
0 232
Question
· Nov 17, 2023
Testing OAuth2

I am attempting to setup my first OAuth2 client, as we are adventuring into the realm of making FHIR API calls to our EMR from HealthShare Health Connect.

I have gone through and set up the Issuer Endpoint, and Client Configuration but now I want to test it and verify that the setup is correct. When I setup the Client Configuration, it would not allow me to use Discovery as it was saying I needed a "Client secret" but was not given one. So I set it up manually, thinking I hit all the information correctly.

2 2
0 222

Problem

In a fast-paced clinical environment, where quick decision-making is crucial, the lack of streamlined document storage and access systems poses several obstacles. While storage solutions for documents exist (e.g, FHIR), accessing and effectively searching for specific patient data within those documents meaningfully can be a significant challenge.

Open Exchange app
7 0
2 373

This is a bit of an IRIS question but also and OAuth 2.0 questions:

I am using %OAuth2.JWT.JWTToObject() to "validate" a JWT. My questions:

- While I am checking claims with the returned body, does the return status of the method "count" as a validation step? In other words, if I weren't checking claims and $$$OK was returned from that method call (passing in the token and public keys), I could feel confident that this token came from the expected auth server?

0 4
0 225

Hi Community,

Watch this video to learn about the new and future changes to the security framework in the HealthShare product suite. Topics include OAuth 2.0, SSO, and the Universal Login Page:

Updates in Security in the HealthShare Suite @ Global Summit 2022

https://www.youtube.com/embed/ypX0QnWisNk
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
0 172
Question
· May 2, 2023
JWS/JWT Header X5C

Hello All,

I'm trying to sign some custom JWT with x.509 certs but running into a problem with the signed JWT containing some information I need in the JOSE header.

Is there a way to get the "X5C:[]" header included in the signed JTW? IS this as easy as setting something like the following

Set JOSE("x5c") = "public key"

Thanks

John

0 1
0 169

Hey Developers,

Enjoy watching the new video on InterSystems Developers YouTube:

Achieving Single Sign-On: External Providers, HealthShare Unified Care Record, Clinical Viewer @ Global Summit 2022

https://www.youtube.com/embed/BjIeR3EXPUA
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
0 425
Article
· Mar 7, 2023 10m read
Reference for the JSON Web Classes

Foreword

InterSystems IRIS versions 2022.2 and newer feature a redesigned functionality for JSON web tokens (JWTs). Once housed under the %OAuth2 class package, the JWT class, along with other JSON web classes (JWCs), now live under %Net.JSON. This migration occured in order to modularize the JWCs. Before, they were closely intertwined with the implementation for the OAuth 2.0 framework. Now, they can be maintained and used separately from OAuth2.

2 0
0 376

Good afternoon! 👋 We would be very grateful if you are kind enough to read and respond to our request 😊.

We need given an Authentication request issued towards our OAuth 2.0 authorization server; that in case of error, the responded message is customized.

Currently if we point from POSTMAN to:
https://[IP]:[Port]/oauth2/token?grant_type=client_credentials&scope=my/scope

Username: Erroneous
Password: Erroneous

0 2
0 175

Hi,

I am trying to configure OAuth2 server to connect to Cerner Auth server to get FHIR API access token but I am getting the error "Discovery response not valid".

I can get the access token back okay from Cerner endpoint used in the OAuth configuration below via Postman and Manually sending the request via HTTP Operation from HealthShare, so the URLs I am using looks correct but the OAuth configuration is not working.

0 6
0 339

Say I've been developing a web application that uses IRIS as the back end. I've been working on it with unauthenticated access. It's getting to the point where I would like to deploy it to users, but first I need to add authentication. Rather than using the default IRIS password authentication, I'd like users to sign in with my organization's Single Sign On, or some other popular identity provider like Google or GitHub. I've read that OpenID Connect is a common authentication standard, and it's supported by IRIS. What is the simplest way to get up and running?

7 2
3 738

Hey Developers,

In the second part, you will learn how to build a FHIR Application with OAuth 2.0 and OKTA:

Securing FHIR Applications with OAuth 2.0 (Part 2)

https://www.youtube.com/embed/4Dk9MYrWaX8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
0 244