go to post Sylvie Greverend · Jul 5, 2024 Thanks @Ashok Kumar Working now. Also do not forget in the UI request header: Accept: 'Application/pdf', 'Content-Type': 'application/pdf'
go to post Sylvie Greverend · Jul 2, 2024 Excellent posts: https://community.intersystems.com/post/creating-rest-api-jwt-authentication-objectscript, https://community.intersystems.com/post/jwt-authentication-rest, https://docs.intersystems.com/hs20231/csp/docbook/DocBook.UI.Page.cls?KEY=HESECURE_login_app_sso I have still to figure out as my UI does not having a login - coming from clinical/ healthshare viewer navigation - how I can get the first refresh token. Healthshare has some session storages like hs-navigation:refresh_token. Is it the way to go?
go to post Sylvie Greverend · Jun 24, 2024 Thanks @Yaron Munz, @Ashok Kumar, @Luis Angel Pérez Ramos, I implemented the bearer token I can get from the rest api call "/login". Luis gave the link https://docs.intersystems.com/iris20241/csp/docbook/Doc.View.cls?KEY=ROA.... Just do not forget to activate jwt in the csp of you rest entry point in management portal. Sorry I published a lot about my auth problem because my task is: I am connecting an angular application to healthshare world: mainly clinical viewer. My customer wants to share sessions. At first, I was using a csp application to give angular the auth level. It seems to work well. But thanks to intersystems support, I understood clinical is in one csp session and angular is in another one. So now with your advice, I created an angular route guard / angular interceptor to protect access to pages and deliver token in header. (I still have to work on refresh token - I will share some code when clean). But I am still not connected to healthshare clinical viewer. Clinical viewer is using jwt tokens, and my angular app is called from the healthshare navigation application configuration. I can not figure out how I can use the clinical viewer tokens. Do I have something to do in the url in the hs navigation ui. Some interesting ideas on: openid connect, universal login app, heathshare api user registration.
go to post Sylvie Greverend · Apr 1, 2024 I solved my problem. I do not need anymore Access-Control-Allow-Origin: *, HandleCorsRequest, or x-ISC_DispatchParent. No change in iris codeMy UI is in angular, I created a proxy { "/api/air": { "target": "http://server.com:52774", "secure": false, "changeOrigin": true }} And my angular server running on http:://localhost:4200 call the api with the url http://localhost:4200/api/air. A excellent article about cors: https://medium.com/@stephen.biston/resolve-cors-errors-once-and-for-all-... And https://angular.io/guide/build#proxying-to-a-backend-server
go to post Sylvie Greverend · Mar 29, 2024 I think I found one answer: https://docs.intersystems.com/healthconnect20241/csp/docbook/Doc.View.cl...x-ISC_CORS
go to post Sylvie Greverend · Mar 20, 2024 Thank you, Oliver. I used the other method you gave me using the iris terminal do ##class(%REST.API).CreateApplication(package,.obj,,.new,.error), and I have my classes