
2. Authorization Essentials

vanessuniq edited this page May 2, 2022 · 1 revision

Overview

This server requires a SMART launch using the OAuth workflow. The authorization server is included in the ca.uhn.fhir.jpa.starter.authorization package. Details on the preloaded data and the debugging endpoints follow below.

Preloaded Users and Clients

The server automatically loads the following users and clients when it starts up.

Users

https://davinci-drug-formulary-ri.logicahealth.org/fhir/debug/Users

| Patient ID | Username | Password |
|---|---|---|
| PDexPatient | PDexPatient | password |

Clients

https://davinci-drug-formulary-ri.logicahealth.org/fhir/debug/Clients

| ID | Redirect URI | Secret |
|---|---|---|
| b0c46635-c0b4-448c-a8b9-9bd282d2e05a | http://localhost:3000/login | bUYbEj5wpazS8Xv1jyruFKpuXa24OGn9MHuZ3ygKexaI5mhKUIzVEBvbv2uggVf1cW6kYD3cgTbCIGK3kjiMcmJq3OG9bn85Fh2x7JKYgy7Jwagdzs0qufgkhPGDvEoVpImpA4clIhfwn58qoTrfHx86ooWLWJeQh4s0StEMqoxLqboywr8u11qmMHd1xwBLehGXUbqpEBlkelBHDWaiCjkhwZeRe4nVu4o8wSAbPQIECQcTjqYBUrBjHlMx5vXU |
| 6cfecf41-e364-44ab-a06f-77f8b0c56c2b | https://pdex-formulary-client.org/login | XHNdbHQlOrWXQ8eeXHvZal1EDjI3n2ISlqhtP30Zc89Ad2NuzreoorWQ5P8dPrxtk267SJ23mbxlMzjriAGgkaTnm6Y9f1cOas4Z6xhWXxG43bkIKHhawMR6gGDXAuEWc8wXUHteZIi4YCX6E1qAvGdsXS1KBhkUf1CLcGmauhbCMd73CjMugT527mpLnIebuTp4LYDiJag0usCE6B6fYuTWV21AbvydLnLsMsk83T7aobE4p9R0upL2Ph3OFTE1 |

Debug

A few debug endpoints are available to help diagnose authorization issues.

| Endpoint | Description |
|---|---|
| /debug/Clients | Full view of the authorization Clients table |
| /debug/Users | Full view of the authorization Users table |
| /debug/Log | Server log |

For testing purposes, an admin token is available for clients that do not yet support this workflow. The admin token is eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2RhdmluY2ktZHJ1Zy1mb3JtdWxhcnktcmkubG9naWNhaGVhbHRoLm9yZy9maGlyIiwiaWF0IjoxNjQ1MTMzNDU0LCJleHAiOjE3Mzk4Mjc4NTQsImF1ZCI6Imh0dHBzOi8vZGF2aW5jaS1kcnVnLWZvcm11bGFyeS1yaS5sb2dpY2FoZWFsdGgub3JnL2ZoaXIiLCJzdWIiOiJhZG1pbiIsInBhdGllbnRfaWQiOiJhZG1pbiJ9.cLvTTpGH5lxXMjwsPN-1NPo9jUuc6C43FcjH8s81VA5kXdmRdQhAww2oO_i_IOTUnOVaIU-JU9Ygd3MBXckPnVlrLiN_Dtdb_71DcqpVJflc9FAqorcUGmaE5qg-nZVI_sKofPaliYxUeBriTgwS06VtILl2k2WylAD83LbDjBCCq4MBHlaWSCqc9LRKJT3Ez3D93IPWgwBgPT46cIML6_PdwLO5Zl5XkEyXLjsUUAuraPM-dET7tw6KLr0gbd6Xdj2BuZLZjYmxTOWry_n6hAiQDTQ2iaLtwp2rtZlfbX5L38cpri-TRKN1l7EeNguJXk1dVfPPv78_5qqhqg71jQ

The JWT token structure is described below. jwt.io is a helpful tool for decoding tokens while debugging.

JWT Token Structure

JWTs are used throughout this process to digitally sign the authorization code and the access token. All JWTs in this reference implementation use the HS256 algorithm. The payload structure of the access token is shown below:

Access Token Payload Structure

```json
{
  "iss": "https://davinci-drug-formulary-ri.logicahealth.org/fhir",
  "iat": 1645133454,
  "exp": 1739827854,
  "aud": "https://davinci-drug-formulary-ri.logicahealth.org/fhir",
  "sub": "admin",
  "patient_id": "admin"
}
```
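As an added example (not part of this wiki or the reference implementation's own code), the following Python decodes the admin token quoted in the Debug section and checks its claims against the payload structure above, with the expected issuer, audience and clock time passed in. It deliberately does not verify the signature: it is a debugging aid like jwt.io, and a resource server must still verify the signature with the key for the algorithm it is configured to accept. Note that the header of the quoted admin token decodes to `"alg": "RS256"`, which is why a verifier should pin the algorithm it expects rather than read it from the token.

```python
import base64
import json

# The admin debug token quoted on this page, split into header.payload.signature.
ADMIN_TOKEN = (
    "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"
    ".eyJpc3MiOiJodHRwczovL2RhdmluY2ktZHJ1Zy1mb3JtdWxhcnktcmkubG9naWNhaGVhbHRoLm9yZy9maGlyIiwiaWF0IjoxNjQ1MTMzNDU0LCJleHAiOjE3Mzk4Mjc4NTQsImF1ZCI6Imh0dHBzOi8vZGF2aW5jaS1kcnVnLWZvcm11bGFyeS1yaS5sb2dpY2FoZWFsdGgub3JnL2ZoaXIiLCJzdWIiOiJhZG1pbiIsInBhdGllbnRfaWQiOiJhZG1pbiJ9"
    ".cLvTTpGH5lxXMjwsPN-1NPo9jUuc6C43FcjH8s81VA5kXdmRdQhAww2oO_i_IOTUnOVaIU-JU9Ygd3MBXckPnVlrLiN_Dtdb_71DcqpVJflc9FAqorcUGmaE5qg-nZVI_sKofPaliYxUeBriTgwS06VtILl2k2WylAD83LbDjBCCq4MBHlaWSCqc9LRKJT3Ez3D93IPWgwBgPT46cIML6_PdwLO5Zl5XkEyXLjsUUAuraPM-dET7tw6KLr0gbd6Xdj2BuZLZjYmxTOWry_n6hAiQDTQ2iaLtwp2rtZlfbX5L38cpri-TRKN1l7EeNguJXk1dVfPPv78_5qqhqg71jQ"
)

# Issuer and audience this server puts in its tokens (from the payload structure above).
FHIR_BASE = "https://davinci-drug-formulary-ri.logicahealth.org/fhir"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token: str) -> dict:
    """Decode header and payload of a compact JWT WITHOUT verifying its signature (debug only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWT must have exactly three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return {"header": header, "payload": payload}


def claim_problems(payload: dict, expected_iss: str, expected_aud: str, now: int) -> list:
    """Return the names of the claim checks that fail; an empty list means the claims are acceptable.

    `now` is a Unix timestamp supplied by the caller so the check is deterministic and testable.
    """
    problems = []
    if payload.get("iss") != expected_iss:
        problems.append("iss mismatch")
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if expected_aud not in audiences:
        problems.append("aud mismatch")
    if "exp" not in payload or now >= payload["exp"]:
        problems.append("expired or missing exp")
    if payload.get("iat", 0) > now:
        problems.append("iat in the future")
    if not payload.get("sub"):
        problems.append("missing sub")
    return problems


if __name__ == "__main__":
    decoded = inspect_token(ADMIN_TOKEN)
    print(json.dumps(decoded, indent=2))
    print("problems at iat:", claim_problems(decoded["payload"], FHIR_BASE, FHIR_BASE, now=decoded["payload"]["iat"]))
```

Run against a token that is still live, the same checks with `now=int(time.time())` show whether the server would reject it on expiry alone before any signature verification.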