Open SturmCamper opened 1 year ago
Hi @SturmCamper, if you can obtain an access token and invoke the service using that token, then I think it indicates things are working on our end. Unfortunately, I'm not familiar with https://bilirubin-risk-chart.logicahealth.org/launch.html?](https://bilirubin-risk-chart.logicahealth.org/launch.html but the error message you provided makes it sound like the server is getting a request that doesn't actually have a JWT bearer token. Use of JWTs isn't required by the spec, but if the client is interacting with our smart auth server (keycloak) then it should be getting one. Are you able to intercept that request to check what the Authentication header looks like in the request?
P.S. Not sure if its related to your issues or not, but we've mostly worked with "standalone app launch" scenarios, not EHR launch scenarios.
Hi @SturmCamper , you wrote:
"To enforce the SMART-interceptor im using the smart-fhir.jar version 5.1.1."
I'm wondering where I can get the jar file from. In the FHIR server documentation is written:
To enforce authorization policy on the server, drop the fhir-smart module into the server’s userlib directory.
I assume that your jar file is the module that should be dropped in the userlib directory. But where can I get the jar file from? Or do I need to create it from the fhir-smart directory? Sorry for my question, but I'm very new in Java development.
P.S. I have set up a demo stack with Keycloak and am able to get a valid access token (aud, scopes, referenceID are parts of the token). But when I try to retrieve the patient's resource, I get a Forbidden response (403). So I think the fhir-smart module is not enabled in my test server. Is there a way to check if the fhir-smart module is enabled or not? Or is there a way to determine the reasons why the request ends with a 403 forbidden response?
Many thanks in advance. Katja
UPDATE: I think I have found the repository with the available jar files --> https://repo1.maven.org/maven2/org/linuxforhealth/fhir/fhir-smart/5.1.1/ I have copied fhir-smart-5.1.1.jar to the userlib directory and restart the docker container. But unfortunately I always get a 403 response when I try to access the patient resource. Is there a server log with detailed information as to what the reason is?
Describe the bug I was currently tinkering with SMART on Fhir and tried to impliment my own basic EHR. Every thing works fine until I try to launch an APP within the EHR context. The problem should be the authetication, since whenever I'm going through the launch flow the Following messages appear inside the LinuxForHealth container.
I'm using the fhir server in conjunction with the Keycloak extension and maby there is some Config issue, but at this time I can't seem to find any. If i genereate a Toke with postman and try to access one resource the Problem does not occour. Maby it has something to do with Fhir-Client the Apps implement?
Environment The Enviroment should be the latest. To enforce the SMART-interceptor im Using the the
smar-fhir.jar
version 5.1.1.For the setup I'm using docker compose
The server Config
The JWT config
To Reproduce For a test I used this App https://bilirubin-risk-chart.logicahealth.org/launch.html?
I created a fitting Keycloak client, but as I said I'm not sure if I configured everything correctly. As a how to config I used this guide https://alvearie.io/blog/smart-keycloak/
Thanks in advance for every help. And sry if this might seem self explanatory, but I can't find any ressources to help my self.