zdavatz / amiko-osx

AmiKo Desitin for AmiKo OS X
https://apps.apple.com/ch/app/amiko-desitin/id708142753?mt=12
GNU General Public License v3.0

SAML integration for e-prescription #245

Closed zdavatz closed 1 year ago

zdavatz commented 1 year ago

Signing the prescription according to CHMED16A works like this:

  1. base64 -di rezept2 | gzip -d
  2. 3.5. Encapsulation of the JSON medication object
  3. SAML authentication also has to work, see chapter 4: 2023-06-14-3 Getting Started CI EPD - Technische Beschreibung-V81.pdf
  4. create_erezept_pub.sh.txt: steps 1, 2 are OAuth #244; steps 3, 4, 5 are for SAML
  5. https://github.com/certifaction/hinsign-cli
  6. In a first step, all prescriptions are 3: Prescription (Rx)
  7. The example JSON is here in chapter: 3.4
  8. Minimalist JSON minimalist_json.txt
{
 "Patient": {
   "FName": "Hans",
   "LName": "Minimalist",
   "BDt": "1977-11-23"
 },
 "Medicaments": [
   {
     "Id": "7680517950406",
     "IdType": 2
   }
 ],
 "MedType": 3,
 "Id": "ad6d758b-99ef-191f-9d81-6e8867ca9d5a",
 "Auth": "7601000778789",
 "Dt": "2023-06-28T11:08:49+02:00"
}
  1. In a first step we do not implement the MedicationPlan. So we do not need RiskCategory, MedicalData, Measurement, Taking Time.
  2. Recommendation and Taking Time can possibly be taken from our text field for remarks.
  3. PolymedicationCheck is our interaction check.
  4. Certifaction API call: https://github.com/certifaction/hinsign-cli#43-example-api-call
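
Added example, not part of the original comment or of the AmiKo code base: a round trip of the base64 + gzip encapsulation implied by the decode command in step 1, using the minimalist JSON above in compact form. The function names and the handling of an optional `CHMED16A` + digit prefix are assumptions of this sketch.

```shell
#!/bin/sh
# Minimalist prescription from the comment above, compacted onto one line.
SAMPLE_JSON='{"Patient":{"FName":"Hans","LName":"Minimalist","BDt":"1977-11-23"},"Medicaments":[{"Id":"7680517950406","IdType":2}],"MedType":3,"Id":"ad6d758b-99ef-191f-9d81-6e8867ca9d5a","Auth":"7601000778789","Dt":"2023-06-28T11:08:49+02:00"}'

# stdin: JSON -> stdout: one line of base64(gzip(JSON)).
chmed_encode() {
    gzip -n -c | base64 | tr -d '\n'
}

# $1: payload -> stdout: JSON. Returns non-zero for anything that is not
# base64-wrapped gzip data, so garbage never reaches the JSON parser.
chmed_decode() {
    # Assumption: an optional "CHMED16A" + one digit prefix may precede the data.
    _p=$(printf '%s' "$1" | sed 's/^CHMED16A[0-9]//')
    case "$_p" in
        H4sI*) ;;   # base64 of the gzip magic bytes 1f 8b 08
        *) echo "payload is not base64-wrapped gzip" >&2; return 1 ;;
    esac
    printf '%s' "$_p" | base64 -d 2>/dev/null | gzip -dc 2>/dev/null
}

# $1: decoded JSON -> true only if MedType is 3 (Prescription, Rx).
# A grep is enough for this sketch; production code should use a JSON parser.
chmed_is_rx() {
    printf '%s' "$1" | grep -Eq '"MedType"[[:space:]]*:[[:space:]]*3([^0-9.]|$)'
}

payload=$(printf '%s' "$SAMPLE_JSON" | chmed_encode)
decoded=$(chmed_decode "$payload") && chmed_is_rx "$decoded" && echo "round trip OK: Rx"
```
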

b123400 commented 1 year ago

I have a valid access token, like this:

$ curl -H "Authorization: Bearer $ACCESS_TOKEN" https://oauth2.sds.hin.ch/api/public/v1/self/
{"loginName":"...","email":"...","contactId":{...}}

According to step 4.1 in 2023-06-14-3 Getting Started CI EPD - Technische Beschreibung-V81.pdf, I should send a request to "EpdSamlServiceUrl", but it doesn't work.

curl -X POST -H "Authorization: Bearer $ACCESS_TOKEN" -H "Accept: application/json" "https://oauth2.epd-ci-int.adswiss.hin.ch/samlService/saml?targetUrl=http://localhost:8000&style=redirect"
Authentication failed!

I found other URLs in create_erezept_pub.sh.txt and #244, but none of them work.

zdavatz commented 1 year ago

The physician has to obtain the OAuth2 token once; after that, thanks to the OAuth refresh mechanism, they should never have to deal with it again.

The physician has to go through the second stage at least once a day (or every 12 h), since the auth handle is valid for at most 12 hours.

zdavatz commented 1 year ago

The steps according to Matthieu:

1. I get the access token at:
http://apps.hin.ch/REST/v1/OAuth/GetAuthCode/ADSwiss_CI-Test?response_type=code&client_id=ch.hin&redirect_uri=http%3A%2F%2Flocalhost%2FgetAccessToken

2. I convert this into a bearer token:
curl --location --request POST 'https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={access token}' \
--data-urlencode 'redirect_uri=http://localhost/getAccessToken' \
--data-urlencode 'client_id={id}' \
--data-urlencode 'client_secret={secret}'

3. curl --request POST --url 'https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth?targetUrl=http%3A%2F%2Flocalhost%2Fsuccess&style=redirect' --header 'accept: application/json' --header 'Authorization: Bearer {bearer token}'

4. This returns a URL, which I copy into the browser:
The auth code is shown in the URI bar, e.g. 2ABKaatKgI6RRX4

5. The auth code has to be converted into an auth handle (for this I need the bearer token and the auth code):
curl --request POST --url "https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth/auth_handle" -d "{\"authCode\":\"2ABKaatKgI6RRX4\"}" --header "accept: application/json" --header "Content-Type: application/json" --header "Authorization: Bearer {bearer token}"

Important: it matters whether single quotes or double quotes are used!
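
Added example, not part of the original comment: why the quoting in step 5 matters once the token and auth code come from shell variables, and how the same request can be handed to curl as a config on stdin so the bearer token stays out of the process list. The token value, the function names and the alphanumeric-only rule for auth codes are assumptions of this sketch; the URL and the example auth code are the ones from steps 4 and 5.

```shell
#!/bin/sh
# Constructed sample values; the token is not a real credential.
ACCESS_TOKEN='constructed-token-123'
AUTH_CODE='2ABKaatKgI6RRX4'    # example code shown in step 4
AUTH_HANDLE_URL='https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth/auth_handle'

# Single quotes: the shell passes the text through unchanged, so the server
# receives the literal string $ACCESS_TOKEN instead of the token.
header_single_quoted() { printf '%s' 'Authorization: Bearer $ACCESS_TOKEN'; }

# Double quotes: the variable is expanded before curl sees the argument.
header_double_quoted() { printf '%s' "Authorization: Bearer $ACCESS_TOKEN"; }

# Build the JSON body from a variable. Assumption: auth codes are purely
# alphanumeric, like the one in step 4; anything else is refused, not escaped.
auth_handle_body() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) echo "unexpected auth code format" >&2; return 1 ;;
    esac
    printf '{"authCode":"%s"}' "$1"
}

# Quote a value for a curl config file: escape backslashes and double quotes.
cfg_quote() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Emit a curl config for the auth_handle request. Piped into `curl --config -`,
# the bearer token never appears on curl's command line.
auth_handle_config() {   # $1 url, $2 bearer token, $3 JSON body
    printf 'url = "%s"\n' "$(cfg_quote "$1")"
    printf 'request = "POST"\n'
    printf 'header = "accept: application/json"\n'
    printf 'header = "Content-Type: application/json"\n'
    printf 'header = "Authorization: Bearer %s"\n' "$(cfg_quote "$2")"
    printf 'data = "%s"\n' "$(cfg_quote "$3")"
}

# Prints the config; to send it, pipe the output into: curl --config -
body=$(auth_handle_body "$AUTH_CODE") &&
    auth_handle_config "$AUTH_HANDLE_URL" "$ACCESS_TOKEN" "$body"
```
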

zdavatz commented 1 year ago

The production ID for the ADSwiss Convenience Interface is simply "ADSwiss_CI"

zdavatz commented 1 year ago

Crash after second Authentication:

=================================================================
Main Thread Checker: UI API called on a background thread: -[NSWindowController window]
PID: 1327, TID: 18026, Thread name: (none), Queue name: com.apple.NSURLSession-delegate, QoS: 0
Backtrace:
4   AmiKo Desitin                       0x0000000100cba874 -[MLADSwissOAuthWindowController receivedTokens:] + 112
5   AmiKo Desitin                       0x0000000100cbb648 __86-[MLHINOAuthWindowController webView:decidePolicyForNavigationAction:decisionHandler:]_block_invoke.25 + 496
6   AmiKo Desitin                       0x0000000100ca16a4 __55-[MLHINClient fetchAccessTokenWithAuthCode:completion:]_block_invoke + 484
7   CFNetwork                           0x0000000189f39e20 CFURLCredentialStorageCopyAllCredentials + 22460
8   CFNetwork                           0x0000000189eccf1c CFURLRequestCopyAllHTTPHeaderFields + 7968
9   libdispatch.dylib                   0x00000001011f4e30 _dispatch_call_block_and_release + 32
10  libdispatch.dylib                   0x00000001011f699c _dispatch_client_callout + 20
11  libdispatch.dylib                   0x00000001011ffd20 _dispatch_lane_serial_drain + 980
12  libdispatch.dylib                   0x0000000101200dc0 _dispatch_lane_invoke + 476
13  libdispatch.dylib                   0x0000000101210954 _dispatch_workloop_worker_thread + 1060
14  libsystem_pthread.dylib             0x0000000100dfbcc8 _pthread_wqthread + 288
15  libsystem_pthread.dylib             0x0000000100e03a6c start_wqthread + 8
=================================================================
Main Thread Checker: UI API called on a background thread: -[NSWindow sheetParent]
PID: 1327, TID: 18026, Thread name: (none), Queue name: com.apple.NSURLSession-delegate, QoS: 0
Backtrace:
4   AmiKo Desitin                       0x0000000100cba888 -[MLADSwissOAuthWindowController receivedTokens:] + 132
5   AmiKo Desitin                       0x0000000100cbb648 __86-[MLHINOAuthWindowController webView:decidePolicyForNavigationAction:decisionHandler:]_block_invoke.25 + 496
6   AmiKo Desitin                       0x0000000100ca16a4 __55-[MLHINClient fetchAccessTokenWithAuthCode:completion:]_block_invoke + 484
7   CFNetwork                           0x0000000189f39e20 CFURLCredentialStorageCopyAllCredentials + 22460
8   CFNetwork                           0x0000000189eccf1c CFURLRequestCopyAllHTTPHeaderFields + 7968
9   libdispatch.dylib                   0x00000001011f4e30 _dispatch_call_block_and_release + 32
10  libdispatch.dylib                   0x00000001011f699c _dispatch_client_callout + 20
11  libdispatch.dylib                   0x00000001011ffd20 _dispatch_lane_serial_drain + 980
12  libdispatch.dylib                   0x0000000101200dc0 _dispatch_lane_invoke + 476
13  libdispatch.dylib                   0x0000000101210954 _dispatch_workloop_worker_thread + 1060
14  libsystem_pthread.dylib             0x0000000100dfbcc8 _pthread_wqthread + 288
15  libsystem_pthread.dylib             0x0000000100e03a6c start_wqthread + 8
=================================================================
Main Thread Checker: UI API called on a background thread: -[NSWindow endSheet:returnCode:]
PID: 1327, TID: 18026, Thread name: (none), Queue name: com.apple.NSURLSession-delegate, QoS: 0
Backtrace:
4   AmiKo Desitin                       0x0000000100cba8c0 -[MLADSwissOAuthWindowController receivedTokens:] + 188
5   AmiKo Desitin                       0x0000000100cbb648 __86-[MLHINOAuthWindowController webView:decidePolicyForNavigationAction:decisionHandler:]_block_invoke.25 + 496
6   AmiKo Desitin                       0x0000000100ca16a4 __55-[MLHINClient fetchAccessTokenWithAuthCode:completion:]_block_invoke + 484
7   CFNetwork                           0x0000000189f39e20 CFURLCredentialStorageCopyAllCredentials + 22460
8   CFNetwork                           0x0000000189eccf1c CFURLRequestCopyAllHTTPHeaderFields + 7968
9   libdispatch.dylib                   0x00000001011f4e30 _dispatch_call_block_and_release + 32
10  libdispatch.dylib                   0x00000001011f699c _dispatch_client_callout + 20
11  libdispatch.dylib                   0x00000001011ffd20 _dispatch_lane_serial_drain + 980
12  libdispatch.dylib                   0x0000000101200dc0 _dispatch_lane_invoke + 476
13  libdispatch.dylib                   0x0000000101210954 _dispatch_workloop_worker_thread + 1060
14  libsystem_pthread.dylib             0x0000000100dfbcc8 _pthread_wqthread + 288
15  libsystem_pthread.dylib             0x0000000100e03a6c start_wqthread + 8
2023-07-11 08:27:47.617820+0200 AmiKo Desitin[1327:18026] [NSMenu] API misuse warning: modification of a menu's items on a non-main thread when the menu is part of the main menu. Main menu contents should only be modified from the main thread. This will be a runtime error in a future macOS version.
2023-07-11 08:27:47.626321+0200 AmiKo Desitin[1327:18026] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'NSWindow drag regions should only be invalidated on the Main Thread!'
*** First throw call stack:
(
    0   CoreFoundation                      0x0000000185767154 __exceptionPreprocess + 176
    1   libobjc.A.dylib                     0x00000001852864d4 objc_exception_throw + 60
    2   CoreFoundation                      0x00000001857903a0 _CFBundleGetValueForInfoKey + 0
    3   AppKit                              0x0000000188930a00 -[NSWindow(NSWindow_Theme) _postWindowNeedsToResetDragMarginsUnlessPostingDisabled] + 320
    4   AppKit                              0x00000001891a5c58 -[NSSheetMoveHelper setUpAnimation] + 68
    5   AppKit                              0x0000000188925790 +[NSAnimationContext runAnimationGroup:] + 56
    6   AppKit                              0x0000000188b85258 -[NSMoveHelper _doAnimation] + 336
    7   AppKit                              0x00000001891a61bc -[NSSheetMoveHelper closeSheet] + 384
    8   AppKit                              0x0000000188b8a194 -[NSWindow(NSSheets) _orderOutRelativeToWindow:] + 48
    9   AppKit                              0x00000001890ee854 -[NSWindow _reallyDoOrderWindowOutRelativeTo:] + 892
    10  AppKit                              0x00000001890eea40 -[NSWindow _reallyDoOrderWindow:] + 80
    11  AppKit                              0x00000001890eec90 -[NSWindow _doOrderWindow:] + 264
    12  AppKit                              0x00000001890f3be0 NSWindowEndWindowModalSession + 396
    13  AmiKo Desitin                       0x0000000100cba8c0 -[MLADSwissOAuthWindowController receivedTokens:] + 188
    14  AmiKo Desitin                       0x0000000100cbb648 __86-[MLHINOAuthWindowController webView:decidePolicyForNavigationAction:decisionHandler:]_block_invoke.25 + 496
    15  AmiKo Desitin                       0x0000000100ca16a4 __55-[MLHINClient fetchAccessTokenWithAuthCode:completion:]_block_invoke + 484
    16  CFNetwork                           0x0000000189f39e20 CFURLCredentialStorageCopyAllCredentials + 22460
    17  CFNetwork                           0x0000000189eccf1c CFURLRequestCopyAllHTTPHeaderFields + 7968
    18  libdispatch.dylib                   0x00000001011f4e30 _dispatch_call_block_and_release + 32
    19  libdispatch.dylib                   0x00000001011f699c _dispatch_client_callout + 20
    20  libdispatch.dylib                   0x00000001011ffd20 _dispatch_lane_serial_drain + 980
    21  libdispatch.dylib                   0x0000000101200dc0 _dispatch_lane_invoke + 476
    22  libdispatch.dylib                   0x0000000101210954 _dispatch_workloop_worker_thread + 1060
    23  libsystem_pthread.dylib             0x0000000100dfbcc8 _pthread_wqthread + 288
    24  libsystem_pthread.dylib             0x0000000100e03a6c start_wqthread + 8
)
libc++abi: terminating due to uncaught exception of type NSException
(lldb)

zdavatz commented 1 year ago

With 15 medications, the QR code is still too small when the prescription is printed. RZ_2023-07-11T083509.pdf