FHIR Chat · Connectathon - IBM server · CARIN IG for Blue Button®

Stream: CARIN IG for Blue Button®

Topic: Connectathon - IBM server

Michele Mottini (Sep 10 2020 at 14:31):

@Paul Bastide I see your end point in the tracking spreadsheet, but how one does register a client app? Are there available patient logins?

Paul Bastide (Sep 10 2020 at 14:40):

We have one app registered called inferno with no secret

Michele Mottini (Sep 10 2020 at 14:40):

OK - how do I register our app?

Paul Bastide (Sep 10 2020 at 14:40):

feel free to use basic auth - fhiruser/change-password to act on behalf of Patient1 Lee corrected me, that's just for auth.

Michele Mottini (Sep 10 2020 at 14:41):

I have a client app that uses SMART - OAuth2 code flow - no way to register it?

Lee Surprenant (Sep 10 2020 at 14:44):

I think you can register it at the endpoint advertised in the conformance and smart-configuration. We're pretty new to that part though, I think I've only ever done it via a token

Lee Surprenant (Sep 10 2020 at 14:47):

if unauthenticated client registration isn't working, i can generate a token that will allow you to register the app

Michele Mottini (Sep 10 2020 at 14:52):

Let me try...

Lee Surprenant (Sep 10 2020 at 14:53):

also I've only done it through inferno...let me go there and steal some sample requests

Michele Mottini (Sep 10 2020 at 14:56):

Tried POST:

{
      "redirect_uris": [
        "https://myfhr.careevolution.com/cfhrprovideraccounts/redirecttarget",
        "http://localhost/WebClientTest.Adapter1.WebClient/cfhrprovideraccounts/redirecttarget",
        "http://localhost:64531/WebClient/cfhrprovideraccounts/redirecttarget"
      ],
      "client_name": "CareEvolution",
      "token_endpoint_auth_method": "client_secret_basic"
     }

Michele Mottini (Sep 10 2020 at 14:56):

Got 403 Forbidden:

{
    "error": "insufficient_scope",
    "error_description": "Policy 'Trusted Hosts' rejected request to client-registration service. Details: Host not trusted."
}

Michele Mottini (Sep 10 2020 at 14:57):

Mhh ... probably the http://localhost

Michele Mottini (Sep 10 2020 at 14:57):

No, even removing those it did not like it

Lee Surprenant (Sep 10 2020 at 14:59):

ok, mind trying it with this access key then?

eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmODVmN2ZiZS0yMGM1LTRlMTEtYmQ4Yi03MzgzZmQyNmU4Y2IifQ.eyJleHAiOjE1OTk5MjIwOTQsImlhdCI6MTU5OTc0OTI5NCwianRpIjoiY2NjNGYxODYtNTgxOC00MjFjLWFhYWQtYWU1YzUyNTJmOGUzIiwiaXNzIjoiaHR0cHM6Ly9jbHVzdGVyMS01NzM4NDYtMjUwYmFiYmJlNGMzMDAwZTE1NTA4Y2QwN2MxZDI4MmItMDAwMC51cy1lYXN0LmNvbnRhaW5lcnMuYXBwZG9tYWluLmNsb3VkL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6Imh0dHBzOi8vY2x1c3RlcjEtNTczODQ2LTI1MGJhYmJiZTRjMzAwMGUxNTUwOGNkMDdjMWQyODJiLTAwMDAudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZC9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJ0eXAiOiJJbml0aWFsQWNjZXNzVG9rZW4ifQ.N6I9is-PYxXM7beH0ePwCbmCFDxSlvggkUGBAXeXX3Y

Michele Mottini (Sep 10 2020 at 15:01):

As a bearer auth token ?

Michele Mottini (Sep 10 2020 at 15:01):

Yep

Michele Mottini (Sep 10 2020 at 15:02):

It worked, thanks

Lee Surprenant (Sep 10 2020 at 15:06):

shoot, I think I have one more thing to do for this to start working with our fhir server though (currently its only trusting the keycloak client). fun times :-)

Lee Surprenant (Sep 10 2020 at 15:07):

you should be able to get the bearer token via smart app launch now though, so do let us know if you have trouble with that

Michele Mottini (Sep 10 2020 at 15:16):

Got to the auth screen, which credential can I use?

Paul Bastide (Sep 10 2020 at 15:16):

fhiruser/change-password should work

Michele Mottini (Sep 10 2020 at 15:16):

ah sorry, I though that was a url

Michele Mottini (Sep 10 2020 at 15:19):

Logged in fine, but FHIR requests all fail with 403.....but that was what Lee was saying I guess?

Michele Mottini (Sep 10 2020 at 15:19):

' one more thing to do '

Lee Surprenant (Sep 10 2020 at 15:19):

yep :-)

Lee Surprenant (Sep 10 2020 at 15:20):

sadly lots going on (per usual in connectathon). i will ping you when i figured this out

Michele Mottini (Sep 10 2020 at 15:20):

No problem

Michele Mottini (Sep 10 2020 at 15:54):

Also: there is a problem with the CapabilityStatement: the SMART URLs should be URIs not URLs, ie in

                "extension": [
                    {
                        "extension": [
                            {
                                "url": "token",
                                "valueUrl": "https://cluster1-573846-250babbbe4c3000e15508cd07c1d282b-0000.us-east.containers.appdomain.cloud/auth/realms/master/protocol/openid-connect/token"
                            },
                            {
                                "url": "authorize",
                                "valueUrl": "https://cluster1-573846-250babbbe4c3000e15508cd07c1d282b-0000.us-east.containers.appdomain.cloud/auth/realms/master/protocol/openid-connect/auth"
                            },
                            {
                                "url": "register",
                                "valueUrl": "https://cluster1-573846-250babbbe4c3000e15508cd07c1d282b-0000.us-east.containers.appdomain.cloud/auth/realms/master/clients-registrations/openid-connect"
                            }
                        ],
                        "url": "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"
                    }

the values should be valueUri not valueUrl - see http://www.hl7.org/fhir/smart-app-launch/conformance/index.html#declaring-support-for-oauth2-endpoints

Paul Bastide (Sep 10 2020 at 15:55):

Thanks, I can clean that up

Paul Bastide (Sep 10 2020 at 15:58):

I created an issue - https://github.com/IBM/FHIR/issues/1496 (FYI) - I'll raise a PR for it in a few minutes (thanks again)

Michele Mottini (Sep 10 2020 at 16:01):

Thank you (it is pretty subtle, it took my a while to figure out why our client was not loading them...)

Paul Bastide (Sep 10 2020 at 16:06):

it is - and thank you

Josh Mandel (Sep 10 2020 at 16:28):

Nice, yeah -- as a matter of historical interest, at the time we introduced this discovery mechanism valueUrl did not exist :-)

Josh Mandel (Sep 10 2020 at 16:29):

(on the plus side https://cluster1-573846-250babbbe4c3000e15508cd07c1d282b-0000.us-east.containers.appdomain.cloud/fhir-server/api/v4/.well-known/smart-configuration avoids this particular issue ;-))

Lee Surprenant (Sep 10 2020 at 21:59):

finally think i got this working for the dynamically-registerred clients

Michele Mottini (Sep 10 2020 at 22:04):

Yep, it works - here is your data in our app:

image.png

Michele Mottini (Sep 10 2020 at 22:06):

One note: your are using http://terminology.hl7.org/CodeSystem/claim-type instead of http://hl7.org/fhir/us/carin/CodeSystem/carin-bb-claim-type for ExplanationOfBenefit.type.coding.system

Lee Surprenant (Sep 10 2020 at 22:07):

thanks, i updated our conformance artifacts to the latest version today but havn't updated the sample data yet

Lee Surprenant (Sep 10 2020 at 22:07):

let me give that a go

Lee Surprenant (Sep 10 2020 at 22:21):

ok, the sample data should be revved now too (with the alterations mentioned at https://chat.fhir.org/#narrow/stream/204607-CARIN-IG.20for.20Blue.20Button.C2.AE/topic/Examples.20from.20Connectathon)

Michele Mottini (Sep 10 2020 at 22:25):

Mhhh...seeing the same system for the type

Michele Mottini (Sep 10 2020 at 22:33):

Also: there are three ExplanationOfBenefit with the same identifier, that I think is wrong

Michele Mottini (Sep 11 2020 at 01:07):

...but maybe that _is_ the correct system? http://hl7.org/fhir/us/carin/CodeSystem/carin-bb-claim-type is not longer in the current build

Lee Surprenant (Sep 11 2020 at 11:39):

yep, sure seems right to me
image.png

Lee Surprenant (Sep 11 2020 at 11:40):

even right in the parent: https://build.fhir.org/ig/HL7/carin-bb/StructureDefinition-C4BB-ExplanationOfBenefit.html has a required binding to http://hl7.org/fhir/R4/valueset-claim-type.html

Lee Surprenant (Sep 11 2020 at 11:45):

Also: there are three ExplanationOfBenefit with the same identifier, that I think is wrong

I simply uploaded the examples from the specification. I agree its strange that 3 of them have the same identifier. I can update them to be different

Michele Mottini (Sep 11 2020 at 12:17):

Yes, we based our code on the released version of the implementation guide: http://hl7.org/fhir/us/carin-bb/2020Feb/StructureDefinition-CARIN-BB-ExplanationOfBenefit.html and not on the current build, and so we use / expect the http://hl7.org/fhir/us/carin/CodeSystem/carin-bb-claim-type system

Michele Mottini (Sep 11 2020 at 12:18):

I can update them to be different

That would be good - our client thinks they are the same claim and overwrites them, so we end up with 2 instead of 4

Lee Surprenant (Sep 11 2020 at 12:22):

done

Lee Surprenant (Sep 11 2020 at 12:22):

we based our code on the released version of the implementation guide

yes, we were on that too until about a week ago :-)
i think you know but thats not really a "released" version, just a ballot snapshot.

Michele Mottini (Sep 11 2020 at 12:27):

No, I did not know (those distinctions are somewhat hazy for me)

Lee Surprenant (Sep 11 2020 at 12:37):

ok, yeah, CARIN BB is still pre-release, so not even an STU1 yet

Michele Mottini (Sep 11 2020 at 16:30):

I fetched the data again and now I have all four claims, thanks @Lee Surprenant

Last updated: Apr 12 2022 at 19:14 UTC