migraf / fhir-kindling

HL7 FHIR client library. Sync and async crud operations against R4 FHIR servers. Resource validation & serialization
https://migraf.github.io/fhir-kindling/
MIT License

OIDC token never requested #211

Open christian-schmaler-snkeos opened 1 year ago

christian-schmaler-snkeos commented 1 year ago

Describe the bug

The FhirServer is configured to work with client credentials, but seems to never request a token. FhirServer._get_oidc_token() is the code where a token would be requested but seems to be never called anywhere. The examples and documentation suggest that fhir_server = FhirServer("https://fhir.server/fhir", client_id="client_id", client_secret="secret", oidc_provider_url="url") should be enough to get the authorization working. How is this supposed to work?

To Reproduce

import json

from fhir_kindling import FhirServer

fhir_server = "https://localhost:443/fhir"
oidc_provider_url = "https://localhost:443/iam/oauth2/token"
client_id = None
client_secret = None

with open("appsettings.json") as sfp:
    settings = json.load(sfp)
    client_id = settings["ClientID"]
    client_secret = settings["ClientSecret"]

# Connect using oauth2/oidc
oidc_server = FhirServer(fhir_server, client_id=client_id, client_secret=client_secret,
                         oidc_provider_url=oidc_provider_url)

# Query resources based on name of resource
query = oidc_server.query("Patient", output_format="json").all()

Expected behavior

Tokens are requested using client id and client secret.

Additional context

fhir-kindling 1.0.2 with Python 3.11.5

migraf commented 1 year ago

You are right... OAuth2 auth flow seems to just not be used 😅. It was there some time ago but must have fallen out during some merge very early. I'll look into it. A fix shouldn't take too long.

migraf commented 1 year ago

I've just published version 1.0.3, which has basic OIDC support. Let me know if this works for you. I hope I can add more sophisticated OIDC support soon.
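A way to check for the behaviour reported in this issue, as an added example that is not part of the thread or of fhir-kindling's code: a local stub records every request, so a test can assert that the token endpoint is hit before the FHIR endpoint and that an unauthenticated query is rejected. The stub paths (`/token`, `/fhir/Patient`), the `fetch_patients` stand-in client and all credential values are assumptions constructed for the example.

```python
import json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-token"  # constructed sample value, not a real credential
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

class Stub(BaseHTTPRequestHandler):
    """Stub OIDC token and FHIR endpoints (hypothetical paths); records each request."""
    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # token endpoint: accepts only the client_credentials grant
        self.server.seen.append(("POST", self.path))
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        ok = form.get("grant_type") == ["client_credentials"] and form.get("client_secret") == ["secret"]
        self._send(*((200, {"access_token": TOKEN}) if ok else (401, {"error": "invalid_client"})))
    def do_GET(self):  # FHIR endpoint: rejects requests without the bearer token
        self.server.seen.append(("GET", self.path))
        ok = self.headers.get("Authorization") == f"Bearer {TOKEN}"
        self._send(*((200, {"resourceType": "Bundle", "entry": []}) if ok else (401, {})))
    def log_message(self, *args):  # silence per-request logging
        pass

def fetch_patients(base, client_id, client_secret, use_oidc=True):
    """Hypothetical stand-in client; use_oidc=False skips the token request entirely."""
    headers = {}
    if use_oidc:
        form = urllib.parse.urlencode({"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}).encode()
        with OPENER.open(base + "/token", data=form) as resp:
            headers["Authorization"] = "Bearer " + json.load(resp)["access_token"]
    try:
        with OPENER.open(urllib.request.Request(base + "/fhir/Patient", headers=headers)) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run(use_oidc):
    # Returns (HTTP status of the Patient query, ordered list of requests the stub saw).
    srv = HTTPServer(("127.0.0.1", 0), Stub)
    srv.seen = []
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        status = fetch_patients(f"http://127.0.0.1:{srv.server_port}", "client_id", "secret", use_oidc)
    finally:
        srv.shutdown()
        srv.server_close()
    return status, srv.seen
```

The same stub can sit behind any client under test: if the recorded request list contains no POST to the token endpoint, the client is not performing the client-credentials exchange.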