Stream: tooling
Topic: HL7 Validator authentication support for terminology service
Ardon Toonstra (Mar 02 2021 at 13:31):
Hi @Grahame Grieve ,
The Netherlands now has a nice national terminology server (the Ontoserver)! We would like to use it for validation purposes as this would solve a lot of validator errors/warnings due to the Dutch SNOMED extension sets we use.
However, to use the Ontoserver we require authentication based on bearer tokens. I believe the HL7 validator currently does not support authentication? Are there any plans to add such a feature?
Pieter Edelman (Mar 02 2021 at 13:34):
"HL7 Validator" also means "IG Publisher" in this context ;)
Grahame Grieve (Mar 02 2021 at 19:41):
@Mark Iantorno please add this to your list. and I would propose:
- you can provide a bearer token in the parameters
- or you can it in .fhir/validator.config or similar
Mark Iantorno (Mar 02 2021 at 19:42):
Okay, this will fit in with the other HTTP library work I want to do
Ardon Toonstra (Mar 03 2021 at 11:48):
Nice! :D Thanks
David Simons (Jul 20 2021 at 12:16):
+1 for this request , ie. hl7validator to support OAuth2 over HTTPS against a 3rd-party FHIR TX instance
supply the OAuth2 access token to the hl7validator - assuming it is obtained out-of-band in one of the OAuth2 flows
@Mark Iantorno @Grahame Grieve
Mark Iantorno (Jul 20 2021 at 13:09):
The core validator does token based auth as of now
Mark Iantorno (Jul 20 2021 at 13:10):
OAuth2 would be a little more difficult to set up
David Simons (Jul 20 2021 at 13:45):
Mark Iantorno said:
The core validator does token based auth as of now
Can you elaborate a bit more, please, what that means, or where documented? Glad to test drive!
(I did not see it under https://github.com/hapifhir/org.hl7.fhir.core )
If it means, supply the hl7validator CLI with an OAuth2 Bearer access token, obtained separately (out-of-band), like "MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3", and using it in the FHIR-REST calls to the TX, even without refresh, in the HTTP Authorization request header, that'd be great already!
David Simons (Jul 26 2021 at 12:49):
@Mark Iantorno - is there a feature branch we can look at / contribute to?
PS: are you our sick? get well soon!
Mark Iantorno (Jul 26 2021 at 13:58):
I was sick last week, feeling better now, thanks.
Mark Iantorno (Jul 26 2021 at 13:59):
repo is here: https://github.com/hapifhir/org.hl7.fhir.validator-wrapper
Mark Iantorno (Jul 26 2021 at 14:00):
that one is for the website that hosts the validator
Mark Iantorno (Jul 26 2021 at 14:00):
actual validator is in the core library
Mark Iantorno (Jul 26 2021 at 14:00):
https://github.com/hapifhir/org.hl7.fhir.core
Mark Iantorno (Jul 26 2021 at 14:00):
@David Simons
David Simons (Jul 26 2021 at 15:06):
Thanks and yes - I scrutinized that latter repo - but could not find any use of the headers argument in the org.hl7.fhir.core\org.hl7.fhir.r4\src\main\java\org\hl7\fhir\r4\utils\client\ClientUtils.java, yet, for example, trickling down from the
org.hl7.fhir.validation\src\main\java\org\hl7\fhir\validation\cli\utils\Params.java
public <T extends Resource> ResourceRequest<T> issuePostRequest(URI resourceUri,
byte[] payload,
String resourceFormat,
Headers headers,
String message,
long timeout)
e.g. a public static final String TERMINOLOGY_AUTH = "-txAuth"; for a bearer token to be ingested as a HTTP Authorization request header. :)
David Simons (Jul 27 2021 at 11:56):
created a DRAFT pull request https://github.com/hapifhir/org.hl7.fhir.core/pull/566/files - let me see how far I get myself :)
David Simons (Jul 30 2021 at 07:58):
was able to get the OAuth2 Bearer access token to be passed to TX, from CLI via parameter like-txAccessToken e5f81bb4-4cb8-47a7-9ee4-03b049dacbbb , on that branch/PR.
Now trying to overcome (customizing):
- missing api-version: 1 HTTP header
- missing CapabilityStatement from TX, upon
metadata?_summary=true, andmetadata?mode=terminology java.lang.IllegalStateException: Invalid use of BasicClientConnManager: connection still allocated. Make sure to release the connection before allocating another onein the R4 ClientUtils on the httpclient.execute(request). This is probably related to the required work on the HTTP client in the hl7validator.
David Simons (Aug 31 2021 at 09:28):
Hopefully this work item to productize can be prioritized :) https://github.com/hapifhir/org.hl7.fhir.core/issues/588
Grahame Grieve (Aug 31 2021 at 09:43):
@Mark Iantorno yes but we need to get a new version out asap
Mark Iantorno (Aug 31 2021 at 13:09):
working on this today
Mark Iantorno (Aug 31 2021 at 13:09):
@Grahame Grieve do you mean you want me to publish a new version of the core before doing this
Mark Iantorno (Aug 31 2021 at 13:09):
or just do this, then publish a new version of the core?
Grahame Grieve (Aug 31 2021 at 13:15):
well, I'd really like to have you sort out your merge thing, then I can commit a bunch of code, and then we get a release out later today your time
Mark Iantorno (Aug 31 2021 at 13:18):
All my merges accept for the one I need James to assist with are closed?
Mark Iantorno (Aug 31 2021 at 13:18):
Which one do you mean?
Grahame Grieve (Aug 31 2021 at 13:20):
The validation one you said you had to merge with the code I committed on Friday
Mark Iantorno (Aug 31 2021 at 13:21):
I pushed the changes the PR you had made
Mark Iantorno (Aug 31 2021 at 13:21):
and merged that
Grahame Grieve (Aug 31 2021 at 13:22):
ok. I'll merge when I wake up tomorrow and we'll do a release
Mark Iantorno (Aug 31 2021 at 13:22):
sounds goood
Mark Iantorno (Aug 31 2021 at 13:22):
I'll start on the issue 588
Last updated: Apr 12 2022 at 19:14 UTC
