New post

#OAuth2

2

<

Articles and Questions regarding OAuth2 Authentication.

Hello,

I have created a service in Node.js which interacts with IRIS using APIs. The current implementation uses basic auth. I want to implement OAuth 2, to make the communication between the node.js service and IRIS secure. I want my service to act as client and IRIS as Authorization and Resource server. I don't know how to do that. Anyone who has implemented OAuth using IRIS can you help me out or point me in the right direction on about how to implement it?

Thank you for your help :)

0 6
0 309
Question
· Nov 17, 2023
Testing OAuth2

I am attempting to setup my first OAuth2 client, as we are adventuring into the realm of making FHIR API calls to our EMR from HealthShare Health Connect.

I have gone through and set up the Issuer Endpoint, and Client Configuration but now I want to test it and verify that the setup is correct. When I setup the Client Configuration, it would not allow me to use Discovery as it was saying I needed a "Client secret" but was not given one. So I set it up manually, thinking I hit all the information correctly.

2 2
0 310

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does 

GetAuthorizationCodeEndpoint

and 

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

1 4
0 297

In this article I will explain how to Authenticate, Authorize and Audit by code by using CSP Web Application along with Enabling /Disabling and Authenticate/Unauthenticate any Web Application.

Application Layout

Open Exchange app
8 5
1 1.3K
Question
· Jun 15, 2016
Oauth 1.0 library

I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE 06/28/2016]

1 3
0 602

This is a bit of an IRIS question but also and OAuth 2.0 questions:

I am using %OAuth2.JWT.JWTToObject() to "validate" a JWT. My questions:

- While I am checking claims with the returned body, does the return status of the method "count" as a validation step? In other words, if I weren't checking claims and $$$OK was returned from that method call (passing in the token and public keys), I could feel confident that this token came from the expected auth server?

0 4
0 289
Question
· May 2, 2023
JWS/JWT Header X5C

Hello All,

I'm trying to sign some custom JWT with x.509 certs but running into a problem with the signed JWT containing some information I need in the JOSE header.

Is there a way to get the "X5C:[]" header included in the signed JTW? IS this as easy as setting something like the following

Set JOSE("x5c") = "public key"

Thanks

John

0 1
0 228
Article
· Mar 7, 2023 10m read
Reference for the JSON Web Classes

Foreword

InterSystems IRIS versions 2022.2 and newer feature a redesigned functionality for JSON web tokens (JWTs). Once housed under the %OAuth2 class package, the JWT class, along with other JSON web classes (JWCs), now live under %Net.JSON. This migration occured in order to modularize the JWCs. Before, they were closely intertwined with the implementation for the OAuth 2.0 framework. Now, they can be maintained and used separately from OAuth2.

2 0
0 524

Hi,

I am trying to configure OAuth2 server to connect to Cerner Auth server to get FHIR API access token but I am getting the error "Discovery response not valid".

I can get the access token back okay from Cerner endpoint used in the OAuth configuration below via Postman and Manually sending the request via HTTP Operation from HealthShare, so the URLs I am using looks correct but the OAuth configuration is not working.

0 6
0 457

Hello, developers!

In this article, I will show you how to configure FHIR repository + OAuth2 authorization server/resource server on IRIS for Health following the previous article.

In Part 1, we introduced the preliminary preparations, configuring the OAuth2 authorization server, and obtaining the access token.
Part 2 will show you how to build an FHIR repository and configure an OAuth2 client/resource server.

3 3
2 1.3K

Hello,

I have been tinkering with FHIR recently and tried to update the FHIR servers Capability Statement after I made some changes. I updated an OAuth2.Issuer Service Registry entrys URL and needed to update the metadata which the FHIR server sends to the client so they can get the updated URL for the authorization server we use.

However, when I run the Console Setup tool with

0 2
0 414

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

9 12
3 5.4K

Hi Developers!

Here're the technology bonuses for the Security Contest 2021 that will give you extra points in the voting:

  • Basic Authentication usage - 2
  • Bearer/JWT Authentication usage - 3
  • OAuth 2.0 usage - 5
  • Authorization components usage - 2
  • Auditing usage - 2
  • Data Encryption usage - 2
  • Docker container usage - 2
  • ZPM Package deployment - 2
  • Online Demo - 2
  • Code Quality pass - 1
  • Article on Developer Community - 2
  • Video on YouTube - 3

See the details below.<--break->

0 1
0 324

I'm trying to save a list of AccessTokens a user for a specific user. This way I could present it together with other user-data.

I have tried calling ##class(OAuth2.Server.AccessToken).OpenByCode(authCode) from %OAuth2.Server.Authenticate's AfterAuthenticate() method. This only returns things like State and AuthorizationCode, but the AccessToken is empty at this point (afterwards it becomes filled out).

Is there a way to achieve storing the AccessToken as part of the login system?

0 1
0 277

I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.

I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.

Can anyone point me in the right direction on how to resolve the issue I'm encountering.

0 1
0 596

Let's imagine if you would like to write some real web application, for instance, some simple clone of medium.com. Such sort of application can be written using any different language on the backend side, or with any framework on the frontend side. So many ways to do the same application, and you can look at this project. Which offers a bunch of frontends and backends realizations for exactly the same application. And you can easily mix them, any chosen frontend should work with any backend.

Let me introduce the same application realization for InterSystems IRIS on a backend side.

Open Exchange app
6 3
1 858

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

5 1
0 1.1K