microsoft / fhir-proxy

FHIR Proxy is a secure application that acts as an intermediary in the transfer of FHIR data to and from Azure API for FHIR/FHIR Server for Azure
MIT License
73 stars 50 forks

Setup FHIR Proxy - Help needed #54

Closed thomasgalliker closed 2 years ago

thomasgalliker commented 2 years ago

Dear Microsoft FHIR-Proxy contributors, we're currently evaluating several FHIR products and this way I discovered Azure FHIR API and FHIR Proxy. Now, I followed the quickstart guides on how to set up Azure FHIR API. It seems to work okay with Postman. However, I can't get FHIR Proxy to work on top of Azure FHIR API. Whatever I do, I can get authorization tokens for users and call API methods like GET /patient and it seems like every authenticated user gets all patients (even those created by different users). It is pretty obvious that I'm doing something terribly wrong - or even worse, I didn't understand the concepts of FHIR and FHIR Proxy.

I'll re-setup everything tomorrow in the hope I will get it sorted out - however, if ANYONE who reads this feels empowered to support me in setting up my FHIR demo environment --> please contact me on LinkedIn: https://www.linkedin.com/in/thomasgalliker/ (Commercial support to be discussed, of course).

daemel commented 2 years ago

Can you share the repos you used? The only issues we see with https://github.com/microsoft/fhir-starter and https://github.com/microsoft/fhir-proxy are when users do not have the correct permissions within the tenant or subscription. For FHIR Proxy please ensure you have the RBAC permission Application Administrator.

thomasgalliker commented 2 years ago

The major problem is complexity and the lack of working and consistent step-by-step documentation. I started off (again..) with this doc and after 2 mins, deployfhirproxy.bash is telling me what prerequisite steps I'm missing:

Obviously, the Azure API for FHIR must be installed before the deployfhirproxy.bash script can run. So I did this first. What is nowhere mentioned: Do I have to check the "SMART on FHIR proxy" flag (under Authentication) or can I leave it unchecked? Does this flag install a FHIR-proxy or is it just to "somehow enable" the capability of working together with a FHIR-proxy in the future?

Next, what role assignments do I have to do for a FHIR-proxy-to-FHIR-Server setup? There are several roles to select from. I guess I need a very privileged role, e.g. FHIR Data Contributor so that the FHIR-proxy will have enough rights to talk to the FHIR server. Next, I can't find the service principal to assign to the selected role.

After all, the deployfhirproxy.bash failed with the following error. Some parts (like the key vault and a fhir-proxy resource group) were created. But was it really successful? Where do I select a region or SKU? I'm using my Visual Studio Enterprise subscription for this experiment - and dollars are counting down...

ERROR: This region has quota of 0 instances for your subscription. Try selecting different region or SKU.

thomasgalliker commented 2 years ago

Now, I managed to get a fhir-proxy up and running. https://sfp-proxy9020.azurewebsites.net/fhir/metadata

However, whenever I want to log-in using some Microsoft/patient account using Postman, I get this error:

Error: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 74ee298e-0237-42f2-927d-31377a910700
Correlation ID: 56634ce9-01f8-4080-9e49-b81cd4ef0207
Timestamp: 2022-02-17 08:02:05Z

As far as I understand, end-users will be authenticated using the OAuth2 flow "authorization_code" which does not require a client_secret to be transmitted. Something is going wrong. Is there a chance to get professional Microsoft support on this?

daemel commented 2 years ago

There are two auth mechanisms in Proxy: 1) Client credentials flow to provide the proxy with access to FHIR, and 2) OAuth for users.

client cred: https://github.com/microsoft/fhir-proxy/tree/main/scripts#references

adding users: https://github.com/microsoft/fhir-proxy/blob/main/docs/setup.md

We provide Postman collection and environment samples here: https://github.com/microsoft/fhir-proxy/tree/main/samples to help with setting up Postman
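
Added example, not written by anyone in this thread and not fhir-proxy code: a Python helper that parses the AADSTS error text quoted above and checks a token request body against the two flows listed in this comment, following the token request rules of RFC 6749. The function names, the `confidential_client` flag and the reduced parameter sets are assumptions made for illustration.

```python
import re

# Constructed sample: the error text quoted in this thread, one field per line.
SAMPLE_ERROR = (
    "Error: AADSTS7000218: The request body must contain the following "
    "parameter: 'client_assertion' or 'client_secret'.\n"
    "Trace ID: 74ee298e-0237-42f2-927d-31377a910700\n"
    "Correlation ID: 56634ce9-01f8-4080-9e49-b81cd4ef0207\n"
    "Timestamp: 2022-02-17 08:02:05Z"
)

def parse_aad_error(text):
    """Split an AADSTS error description into code, message and trace fields."""
    text = text.replace("\u21b5", "\n")  # some tools render newlines as an arrow
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    m = re.match(r"(?:Error:\s*)?(AADSTS\d+):\s*(.*)", lines[0]) if lines else None
    if not m:
        raise ValueError("not an AADSTS error description")
    fields = {"code": m.group(1), "message": m.group(2)}
    for ln in lines[1:]:
        key, sep, value = ln.partition(": ")
        if sep:  # "Trace ID: x" becomes fields["trace_id"] = "x"
            fields[key.lower().replace(" ", "_")] = value
    return fields

# Form parameters expected in the token request body for each flow
# (assumption: client_id is sent in the body, as Postman does).
REQUIRED = {
    "client_credentials": {"grant_type", "client_id"},
    "authorization_code": {"grant_type", "client_id", "code", "redirect_uri"},
}
CLIENT_AUTH = {"client_secret", "client_assertion"}

def check_token_request(body, confidential_client):
    """Return the problems found in a token request body (empty list: none)."""
    flow = body.get("grant_type")
    if flow not in REQUIRED:
        return [f"unsupported grant_type: {flow!r}"]
    present = set(body)
    problems = [f"missing {p}" for p in sorted(REQUIRED[flow] - present)]
    # client_credentials always authenticates the client; authorization_code
    # does so only when the app is registered as a confidential client.
    needs_auth = flow == "client_credentials" or confidential_client
    if needs_auth and not (CLIENT_AUTH & present):
        problems.append("missing client_secret or client_assertion")
    return problems
```

Whether an app registration counts as a confidential or a public client is decided by its configuration in the identity provider, so `confidential_client` has to be set from the registration, not from the request.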

thomasgalliker commented 2 years ago

Thanks @daemel. Things got more clear but still it seems a terribly complex setup. Why did you implement FHIRProxy as Azure functions instead of having a simple ASP.NET Core solution? I realized that there are 0 unit tests in FHIRProxy and even if I wanted to write some, I found that the code is written mostly in an untestable way (lots of static code, unused code, inconsistent naming conventions).

I'm closing this. Thanks again for your effort.