8400TheHealthNetwork / certificator

FHIR certificator for MoH

Basic SMART test #14

Open nir-r opened 3 months ago

nir-r commented 3 months ago

Open issues

Requirements Tests 161 + 162

  1. connect to an authorization server using mTLS with ORG-provided certificate, get an access token (in scopes request the same resources you are GETing anyway), use access token to connect to FHIR server (also with mTLS) and GET some resources. And then do the same with any other certificate unknown to ORG. This is pretty much basic SMART on FHIR backend services flow

  2. Ask ORG to provide you with a valid one. Generate your own (i.e. - openssl x509 -req ... etc.)

  3. If mTLS fails you'll get an error in https.request - something about certificate usually. For access token request and also if FHIR server doesn't like your access token you'll usually get HTTP 4XX errors

Implementation

- Client => PM (https://learning.postman.com/docs/sending-requests/authorization/certificates/)
- Certificate => SMART2
- FHIR Server => https://secure.server.fire.ly
- Authentication =>
- Authorization => Firely Auth (https://docs.fire.ly/projects/Firely-Server/en/latest/security/firely-auth/firely-auth.html#firely-auth-index)
- Access Control =>

nir-r commented 1 month ago

Public SMART enabled test server

Well done to everyone at Health Samurai for this. Allowing free dev licenses to Aidbox FHIR servers gives devs and teams the ability to test their apps as they build them (at no cost) — all behind a full authentication flow.

While the publicly available test servers are useful (HAPI and Firely), I never use them to test real apps as the data is publicly visible and accessible. Aidbox uses OAuth authentication similar to many other FHIR server providers, so you know the data is secure.

https://www.linkedin.com/posts/darrendevitt_fhir-startup-innovation-activity-7214900435810217984-4JJI?utm_source=share&utm_medium=member_desktop