Authorization
This server requires a SMART launch using the OAuth workflow. The authorization server is included in the `ca.uhn.fhir.jpa.starter.authorization` package. More details on preloaded data and debugging are below.
The server will automatically include the following Users and Clients when it starts up.
ID | Username | Password | IG Version | Description |
---|---|---|---|---|
Patient1 | Patient1 | password | All | Account for Patient/Patient1 from IG Examples |
PatientEx1 | PatientEx1 | password | 0.1 | Account for Patient/PatientEx1 from IG Examples |
admin | admin | password | All | Admin account which can access all resources on the server |
Patient2 | Patient2 | password | 0.1 | Account for Patient/026f2676-d635-47b9-af1e-95de31cda9b1 from Onyx |
Patient3 | Patient3 | password | 0.1 | Account for Patient/14c20e78-610b-405b-aad1-9c8f6109152c from Onyx |
Patient4 | Patient4 | password | 0.1 | Account for Patient/6da541e2-62f4-42a7-8009-23e2d97116df from Onyx |
Patient5 | Patient5 | password | 0.1 | Account for Patient/ec19f75c-c674-478c-8916-8acb2f1b0a68 from Onyx |
http://cpcds-ri.c3ib.org/cpcds-server/debug/Users
ID | RedirectURI | Secret |
---|---|---|
b0c46635-c0b4-448c-a8b9-9bd282d2e05a | http://localhost:4000/login | bUYbEj5wpazS8Xv1jyruFKpuXa24OGn9MHuZ3ygKexaI5mhKUIzVEBvbv2uggVf1cW6kYD3cgTbCIGK3kjiMcmJq3OG9bn85Fh2x7JKYgy7Jwagdzs0qufgkhPGDvEoVpImpA4clIhfwn58qoTrfHx86ooWLWJeQh4s0StEMqoxLqboywr8u11qmMHd1xwBLehGXUbqpEBlkelBHDWaiCjkhwZeRe4nVu4o8wSAbPQIECQcTjqYBUrBjHlMx5vXU |
6cfecf41-e364-44ab-a06f-77f8b0c56c2b | https://cpcds-client-ri.herokuapp.com/login | XHNdbHQlOrWXQ8eeXHvZal1EDjI3n2ISlqhtP30Zc89Ad2NuzreoorWQ5P8dPrxtk267SJ23mbxlMzjriAGgkaTnm6Y9f1cOas4Z6xhWXxG43bkIKHhawMR6gGDXAuEWc8wXUHteZIi4YCX6E1qAvGdsXS1KBhkUf1CLcGmauhbCMd73CjMugT527mpLnIebuTp4LYDiJag0usCE6B6fYuTWV21AbvydLnLsMsk83T7aobE4p9R0upL2Ph3OFTE1 |
http://cpcds-ri.c3ib.org/cpcds-server/debug/Clients
There are a few debug endpoints to help with debugging issues related to authorization.
Endpoint | Description |
---|---|
/debug/Clients | Full view of the authorization Clients table |
/debug/Users | Full view of the authorization Users table |
/debug/Log | Server log |
The following is an admin access token for http://cpcds-ri.org:8080/cpcds-server (valid until May 2026):
eyJraWQiOiJOalZCUmpZNU1EbENNVUl3TnpVNFJUQTJRelpGTURRNFF6UTJNREF5UWpWRE5qazFSVE0yUWciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwOi8vY3BjZHMtcmkub3JnL2NwY2RzLXNlcnZlci9maGlyIiwicGF0aWVudF9pZCI6ImFkbWluIiwiaXNzIjoiaHR0cDovL2NwY2RzLXJpLm9yZy9jcGNkcy1zZXJ2ZXIvZmhpciIsImV4cCI6MTc3ODUzOTg1MCwiaWF0IjoxNjA1NzM5ODUwLCJjbGllbnRfaWQiOiJiMGM0NjYzNS1jMGI0LTQ0OGMtYThiOS05YmQyODJkMmUwNWEiLCJqdGkiOiIxMWUyMWJmNi1hM2FlLTQ4YzAtOTNlMS1kZjk3Y2RmZDVjMmQifQ.Mh-scaKr_HxZZ9G3oZp8sT4CRbadmmvAVhxt4LCaf8WLj_8k9Oxs2-O5oXINxW4Ef0HEOPPu29_I0jUtS1Z79g
The JWT Token Structure is below. A helpful tool for debugging the tokens is jwt.io.
JWT tokens are used throughout this process to digitally sign the Authorization Code and the Access Token. All JWT tokens in this reference implementation use the HS256 algorithm. The payload structure for the two types of tokens is shown below:
Authorization Code:

```
{
  "aud": "http://localhost/cpcds-server", // Audience is this server
  "iss": "http://localhost/cpcds-server", // Issued by this server URL
  "redirect_uri": "http://localhost:4000/client", // redirect_uri param from request
  "exp": 1583853744, // Time of expiration (120s after iat)
  "iat": 1583853624, // Issued at time
  "username": "Patient1", // The login username for this client
  "client_id": "0oa41ji88gUjAKHiE4x6" // The client requesting the authorization
}
```

Access Token:

```
{
  "aud": "http://localhost/cpcds-server/fhir", // Audience is the protected CPCDS server
  "iss": "http://localhost/cpcds-server/fhir", // Issued by this server URL
  "exp": 1583856862, // Time of expiration (3600s after iat)
  "iat": 1583853262, // Issued at time
  "patient_id": "Patient1", // Patient ID for this user
  "client_id": "0oa41ji88gUjAKHiE4x6", // The client requesting the authorization
  "jti": "7f9971da-ea43-4554-b9f7-3157a796175d" // Unique identifier for this token
}
```
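A resource server that accepts these tokens has to check more than the signature. The following is an added example, not the reference implementation's own code: it uses only the Python standard library, a constructed demo key and hypothetical function names. It validates a token shaped like the access token payload above by pinning HS256, comparing the HMAC in constant time, and enforcing `aud`, `iss`, `exp` and the access-token-only claims, so that an authorization code cannot be presented as an access token.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(payload, key):  # builds constructed sample tokens only
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, payload)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def verify_access_token(token, key, audience, now=None):
    """Return the payload of a valid access token, else raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(payload, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token header choose it ("none", RS256, ...).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if payload.get("aud") != audience or payload.get("iss") != audience:
        raise ValueError("wrong aud/iss")  # access tokens use the /fhir URL for both
    now = time.time() if now is None else now
    if not isinstance(payload.get("exp"), (int, float)) or now >= payload["exp"]:
        raise ValueError("expired")
    # Authorization codes carry redirect_uri/username; access tokens carry patient_id and jti.
    if "patient_id" not in payload or "jti" not in payload:
        raise ValueError("not an access token")
    return payload

# Constructed demo key (an assumption) and the page's sample access token payload.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
FHIR_URL = "http://localhost/cpcds-server/fhir"
SAMPLE = {"aud": FHIR_URL, "iss": FHIR_URL, "exp": 1583856862, "iat": 1583853262,
          "patient_id": "Patient1", "client_id": "0oa41ji88gUjAKHiE4x6",
          "jti": "7f9971da-ea43-4554-b9f7-3157a796175d"}
if __name__ == "__main__":
    print(verify_access_token(sign_hs256(SAMPLE, DEMO_KEY), DEMO_KEY, FHIR_URL, now=SAMPLE["iat"] + 60))
```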