FHIR Chat · Connectathon 28 · smart

Stream: smart

Topic: Connectathon 28


view this post on Zulip Carl Anderson (Sep 10 2021 at 03:04):

Just a reminder that tomorrow we'll be having a SMARTv2 Connectathon Kickoff Call at 2:00 - 3:00 PM EST.

 0/
<Y
/ \

I don't have an official link for the call tomorrow, so I'm planning to use this jitsi link: https://meet.jit.si/smart-app-launch
I will update this topic with a new link if I find a different, more official one!

Kickoff Slide Deck is here: https://aka.ms/c10n28-smart-v2
Here's a link to the c10n page: https://confluence.hl7.org/display/FHIR/2021-09+SMART+App+Launch+v2
Whova link to sessions (search for SMART App Launch v2): https://whova.com/portal/webapp/hlsfh_202109/Agenda

If you haven't signed up yet - please add your name to the spreadsheet.

Looking forward to seeing you all tomorrow and next week!

Note: I sometimes abbreviate Connectathon as c10n. It's 300% easier (for me) to spell correctly!

view this post on Zulip Carl Anderson (Sep 10 2021 at 17:54):

Reminder - the kickoff call will begin in 6 minutes

view this post on Zulip Josh Mandel (Sep 10 2021 at 18:03):

I don't see the call details in whova or confluence -- does anyone have a link?

view this post on Zulip Josh Mandel (Sep 10 2021 at 18:03):

(@Carl Anderson)

view this post on Zulip Josh Mandel (Sep 10 2021 at 18:04):

Ah, I see above: https://meet.jit.si/smart-app-launch

view this post on Zulip Carl Anderson (Sep 10 2021 at 20:03):

For those that missed the Kickoff call (or wanted to watch it again at 1.75x) - here's the link: https://youtu.be/MzJhGmA0xH8

view this post on Zulip Keith Carlson (Sep 13 2021 at 15:49):

I noticed when testing the demo-smart-cc client using smart.argo.run that JWKS Inline has to be populated or else I get an error. Shouldn't just having either a JWKS URI or including the key inline be sufficient? Curious if this is just an implementation detail or error of the SMART App Launcher's registration or expected behavior. Here is the URL with all the parameters that is erroring for me: https://smart.argo.run/?auth_error=&client_secret=&fhir_version_2=r4&iss=&jwks=&jwks_uri=https%3A%2F%2Fproud-wooden-payment.glitch.me%2Fjwks.json&launch_ehr=1&launch_url=https%3A%2F%2Fproud-wooden-payment.glitch.me%2Flaunch%2F&patient=&prov_skip_auth=1&provider=&pt_skip_auth=1&public_key=&redirect_uris=https%3A%2F%2Fproud-wooden-payment.glitch.me%2Fauthorized&sde=&sim_ehr=1&token_lifetime=15&user_pt=&validate_pkce=1&validation_method=cc-asym

view this post on Zulip Josh Mandel (Sep 13 2021 at 16:06):

> Shouldn't just having either a JWKS URI or including the key inline be sufficient

Yes, the intention is that you can supply a JWKS URI or an inline JWKS. This sounds like a bug. Will review with @Carl Anderson.

view this post on Zulip Carl Anderson (Sep 13 2021 at 18:19):

Thanks for pointing that out, Keith. I am working on a fix for the server and will post here when it's live. For now, if you populate the jwks inline portion it should work - but I'll get the jwks_uri-only mode working soon, too.

view this post on Zulip Carl Anderson (Sep 14 2021 at 03:30):

@Keith Carlson - this commit resolves the issue. Thanks, again, for pointing it out!

view this post on Zulip Keith Carlson (Sep 14 2021 at 12:05):

No problem! Thanks for the fix

view this post on Zulip Carl Anderson (Sep 14 2021 at 13:26):

Quick reminder: the link to the first Whova agenda item for today is: https://whova.com/portal/webapp/hlsfh_202109/Agenda/1919123/

view this post on Zulip Carl Anderson (Sep 14 2021 at 13:52):

Here's the agenda, for those looking here instead of in Whova (all times in EST):

view this post on Zulip Josh Mandel (Sep 14 2021 at 14:01):

Are the times in whova wrong? I see kickoff at 11:00 a.m. eastern time

view this post on Zulip Carl Anderson (Sep 14 2021 at 14:02):

AHA - that would explain things a bit

view this post on Zulip Carl Anderson (Sep 14 2021 at 14:03):

I was looking at the schedule in Central, thanks Josh!

view this post on Zulip Josh Mandel (Sep 14 2021 at 15:16):

From kickoff call: https://aka.ms/c10n28-smart-v2 is the deck Carl's showing, with links to tools

view this post on Zulip Josh Mandel (Sep 14 2021 at 15:29):

For all connectathon participants

Sign-up sheet at smartv2-connectathon.argo.run -- please add your name, and details on any server or client you're bringing to the table (if applicable).

view this post on Zulip Carl Anderson (Sep 14 2021 at 16:17):

If you have technical corrections / comments / change requests related to the SMART v2 IG - please visit jira.hl7.org and click the 'Create' button to submit a new issue.

view this post on Zulip Josh Mandel (Sep 14 2021 at 17:40):

@Carl Anderson at https://proud-wooden-payment.glitch.me/jwks.json looks like the example JWK has an alg of P-384 that should be ES384?

view this post on Zulip Carl Anderson (Sep 14 2021 at 19:41):

@all - we're approaching the end of Day 1!

So far, we have had at least one successful breakout session with Josh and Dan. We worked on converting the demo confidential client to use express-session rather than using a simple session map. In the process we hit a snag with cookies and eventually discovered that when hosting the app on glitch (but presumably also in other environments you might encounter) we needed to enable a setting called 'trust proxy' in express. Without this, the session cookie settings were not being set. @Dan Cinnamon and @Josh Mandel can chime in with extra details if I'm missing anything (or misrepresenting the situation).

Anyway, the results of that session are in this PR: https://github.com/microsoft-healthcare-madison/demo-smart-cc/pull/9

view this post on Zulip Carl Anderson (Sep 14 2021 at 19:46):

Also, FAYI - Josh put together a take on the confidential client that uses the official smart client, simplifying the logic substantially.
https://github.com/microsoft-healthcare-madison/demo-smart-cc/blob/with-fhirclient/src/index.js

view this post on Zulip Josh Mandel (Sep 14 2021 at 19:59):

I also put together a version of the server-side demo app that uses the (latest) fhirclient library for managing the authz process + token request. https://github.com/microsoft-healthcare-madison/demo-smart-cc/blob/with-fhirclient/src/index.js weighs in at ~100 LOC.

view this post on Zulip Josh Mandel (Sep 14 2021 at 20:03):

The branch of the client library I'm using is: https://github.com/microsoft-healthcare-madison/client-js/tree/c10n-2021-09

view this post on Zulip Josh Mandel (Sep 14 2021 at 20:04):

^^ That branch supports PKCE and asymmetric authentication

view this post on Zulip Josh Mandel (Sep 15 2021 at 14:20):

@Isaac Vetter can you point us to the best place for testing Epic's implementation of asymmetric client authentication? Is this supported in the context of a SMART App Launch today, or just in the context of Backend Services? (Cc @Chuck Feltner, following up from our track check-in just now)

view this post on Zulip Carl Anderson (Sep 15 2021 at 14:27):

Sorry I had my wires crossed on the stand-up this morning! I was heads-down getting the track report-out content started.
https://docs.google.com/document/d/1WOUZTx6NfqFORrayU1qAmsbmc-NPPWQH61WXL9dLgak/edit?usp=sharing

view this post on Zulip Carl Anderson (Sep 15 2021 at 14:27):

Will be joining in a few minutes

view this post on Zulip Carl Anderson (Sep 15 2021 at 14:37):

Okay, I messed up the calendar entries. Sorry about that! I see that the next scheduled call won't begin for another ~20 minutes. I'll see if I can get it started early. If not, I'll see you then.

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:01):

Erp - looks like Zoom ended the meeting after 40 minutes of idle time.

view this post on Zulip Josh Mandel (Sep 15 2021 at 19:06):

Are you able to start it back up again? I am just looking at the whova interface which indicates that it hasn't started yet.

view this post on Zulip Josh Mandel (Sep 15 2021 at 19:07):

("please wait for the event organizer")

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:07):

It's running now (and for the past 5 minutes)

view this post on Zulip Josh Mandel (Sep 15 2021 at 19:08):

Whova is not showing me the link, even though I have been reloading the page. Can you send here?

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:09):

I think this will work for you

view this post on Zulip Josh Mandel (Sep 15 2021 at 19:10):

That gets me as far as a password screen but no further :/

view this post on Zulip Josh Mandel (Sep 15 2021 at 19:11):

di8zdXc1SmVWM25sT2xPd2hRYjFNdz09 is embedded in the link but does not actually work

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:29):

Hmm, @Dan Cinnamon was able to rejoin

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:37):

@Josh Mandel - this link in Whova should link to a live Zoom meeting

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:38):

Chuck and Dan and I are looking at Chuck's PKCE bug

view this post on Zulip Josh Mandel (Sep 15 2021 at 19:39):

That works

view this post on Zulip Carl Anderson (Sep 15 2021 at 19:57):

@all - the final meeting of the track will be starting in a few minutes.
https://whova.com/portal/webapp/hlsfh_202109/Agenda/1919125

We'll be reviewing the report-out draft here:
https://docs.google.com/document/d/1WOUZTx6NfqFORrayU1qAmsbmc-NPPWQH61WXL9dLgak/edit?usp=sharing

view this post on Zulip Josh Mandel (Sep 15 2021 at 21:26):

@Chuck Feltner thanks for bearing with me on the JS library. The quick fix is in at https://github.com/microsoft-healthcare-madison/client-js/tree/c10n-2021-09, which should have PKCE working for server-side and browser-side apps. The longer-term solution is probably to remove the dependency on node-jose in favor of something smaller (e.g., I'm thinking it's OK to only target environments where SubtleCrypto is available, for these new features)

Demo using this latest: https://sharp-lake-word.glitch.me/graph.html (source: https://glitch.com/edit/#!/sharp-lake-word?path=standalone.html)

view this post on Zulip Josh Mandel (Sep 15 2021 at 23:59):

And https://github.com/microsoft-healthcare-madison/client-js/tree/own-jws has an attempt at ditching the node-jose dependency; needs careful review, but gets the minified total library size down to where it used to be (200kb).

view this post on Zulip Chuck Feltner (Sep 16 2021 at 00:59):

@Josh Mandel Thanks for the timely update! I tested our SMART App using the https://github.com/microsoft-healthcare-madison/client-js/tree/c10n-2021-09 version of the library and it works now :tada: on our Azure deployment.


Last updated: Apr 12 2022 at 19:14 UTC