Stream: hapi
Topic: SMART on FHIR - OAuth2
Klaus Breitschaft (Jul 30 2021 at 10:23):
Hi
are there open source projects that add SMART on FHIR support for HAPI? Especially regarding the OAuth2 area:
- JWT introspection with fine grained access control (similar to Firely server)
- Linking of an Identity Provider to HAPI
- Update of capability statement with OAuth2 extension
- Addition of a smart-configuration endpoint
I am aware that there is the possibility to write custom interceptors, but maybe this has been done before in an open source project. I already did an extensive search for projects, but couldn't find anything useful.
Joel Schneider (Jul 30 2021 at 22:02):
Spring Security 5.4 and later includes support for OAuth and JWT, using classes such as BearerTokenResolver, JwtIssuerAuthenticationManagerResolver, and BearerTokenAuthenticationToken. However, I'm not aware of open source code that integrates these with HAPI to support SMART on FHIR.
Jens Villadsen (Jul 31 2021 at 11:33):
@Klaus Breitschaft We have paired HAPI with OAuth2, JWT introspection, pretty fine grained access control and what not by joining the interceptor framework with all the bells and whistles that we needed to support our client - essentially supporting RBAC and ABAC . None of it is however open source. If you would make a contribution to the HAPI FHIR Jpa Starter project I would gladly review it.
Last updated: Apr 12 2022 at 19:14 UTC
