The only authentication mechanism currently implemented in jpaltime consists in passing the practitionerId in the "Authorization" header, which is obviously a terrible idea (FYI, we did this for a demo for which we did not have time to implement a proper auth mechanism).
(I think) we want to use an interceptor (see https://hapifhir.io/hapi-fhir/docs/interceptors/interceptors.html) to verify the access token from the request cookies and ask o-provider if it's a valid one. We need to find an OpenID Connect implementation in Java. As an example, we can check what's done in river with django-mozilla-oidc.
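
One way the interceptor described above could look. This is an added example, not code from the issue or from jpaltime. It assumes o-provider exposes an OAuth 2.0 token introspection endpoint (RFC 7662); the class name, the cookie name `access_token` and the constructor parameters are hypothetical.

```java
import ca.uhn.fhir.interceptor.api.Hook;
import ca.uhn.fhir.interceptor.api.Interceptor;
import ca.uhn.fhir.interceptor.api.Pointcut;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

@Interceptor
public class CookieTokenInterceptor { // hypothetical class name
    private static final String COOKIE_NAME = "access_token"; // assumed cookie name
    private final HttpClient http = HttpClient.newHttpClient();
    private final ObjectMapper json = new ObjectMapper();
    private final URI introspectionUri; // assumed: provider offers RFC 7662 introspection
    private final String clientAuth;    // "Basic ..." credentials of this FHIR server

    public CookieTokenInterceptor(URI introspectionUri, String clientAuth) {
        this.introspectionUri = introspectionUri;
        this.clientAuth = clientAuth;
    }

    // Runs before any resource provider; the exception is returned to the client as HTTP 401.
    @Hook(Pointcut.SERVER_INCOMING_REQUEST_POST_PROCESSED)
    public boolean authenticate(RequestDetails request) {
        String token = readCookie(request.getHeader("Cookie"));
        if (token == null || !isActive(token)) throw new AuthenticationException("Missing or invalid access token");
        return true; // continue normal processing
    }
    // Extracts the token from a raw "Cookie: a=1; b=2" header value, or returns null.
    static String readCookie(String header) {
        for (String part : (header == null ? "" : header).split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(COOKIE_NAME) && !kv[1].isEmpty()) return kv[1];
        }
        return null;
    }
    // Asks the provider whether the token is currently valid ("active": true).
    private boolean isActive(String token) {
        try {
            HttpRequest req = HttpRequest.newBuilder(introspectionUri).timeout(Duration.ofSeconds(3))
                .header("Authorization", clientAuth).header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("token=" + URLEncoder.encode(token, StandardCharsets.UTF_8)))
                .build();
            HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
            return res.statusCode() == 200 && json.readTree(res.body()).path("active").asBoolean(false);
        } catch (Exception e) {
            return false; // fail closed: unreachable provider or malformed reply means no access
        }
    }
}
```

An instance is registered on the HAPI `RestfulServer` with `registerInterceptor(...)`. Because the token travels in a cookie, state-changing requests also need CSRF protection (for example `SameSite` cookies), which this example does not cover.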