Last active
August 12, 2017 21:23
-
-
Save narath/7ef6091434fbbe71b3a72affce223416 to your computer and use it in GitHub Desktop.
SMART Authorization Files from http://docs.smarthealthit.org/tutorials/authorization/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Simple Auth App</title> | |
<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> | |
</head> | |
<body> | |
<script> | |
// get the URL parameters received from the authorization server | |
var state = getUrlParameter("state"); // session key | |
var code = getUrlParameter("code"); // authorization code | |
// load the app parameters stored in the session | |
var params = JSON.parse(sessionStorage[state]); // load app session | |
var tokenUri = params.tokenUri; | |
var clientId = params.clientId; | |
var secret = params.secret; | |
var serviceUri = params.serviceUri; | |
var redirectUri = params.redirectUri; | |
// Prep the token exchange call parameters | |
var data = { | |
code: code, | |
grant_type: 'authorization_code', | |
redirect_uri: redirectUri | |
}; | |
var options; | |
if (!secret) { | |
data['client_id'] = clientId; | |
} | |
options = { | |
url: tokenUri, | |
type: 'POST', | |
data: data | |
}; | |
if (secret) { | |
options['headers'] = {'Authorization': 'Basic ' + btoa(clientId + ':' + secret)}; | |
} | |
// obtain authorization token from the authorization service using the authorization code | |
$.ajax(options).done(function(res){ | |
// should get back the access token and the patient ID | |
var accessToken = res.access_token; | |
var patientId = res.patient; | |
// and now we can use these to construct standard FHIR | |
// REST calls to obtain patient resources with the | |
// SMART on FHIR-specific authorization header... | |
// Let's, for example, grab the patient resource and | |
// print the patient name on the screen | |
var url = serviceUri + "/Patient/" + patientId; | |
$.ajax({ | |
url: url, | |
type: "GET", | |
dataType: "json", | |
headers: { | |
"Authorization": "Bearer " + accessToken | |
}, | |
}).done(function(pt){ | |
var name = pt.name[0].given.join(" ") +" "+ pt.name[0].family.join(" "); | |
document.body.innerHTML += "<h3>Patient: " + name + "</h3>"; | |
}); | |
}); | |
// Convenience function for parsing of URL parameters | |
// based on http://www.jquerybyexample.net/2012/06/get-url-parameters-using-jquery.html | |
function getUrlParameter(sParam) | |
{ | |
var sPageURL = window.location.search.substring(1); | |
var sURLVariables = sPageURL.split('&'); | |
for (var i = 0; i < sURLVariables.length; i++) | |
{ | |
var sParameterName = sURLVariables[i].split('='); | |
if (sParameterName[0] == sParam) { | |
var res = sParameterName[1].replace(/\+/g, '%20'); | |
return decodeURIComponent(res); | |
} | |
} | |
} | |
</script> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Simple Auth App - Launch</title> | |
<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> | |
</head> | |
<body> | |
Loading... | |
<script> | |
// Change this to the ID of the client that you registered with the SMART on FHIR authorization server. | |
var clientId = "16cbfe7c-6c56-4876-944f-534f9306bf8b"; | |
// For demonstration purposes, if you registered a confidential client | |
// you can enter its secret here. The demo app will pretend it's a confidential | |
// app (in reality it cannot be confidential, since it cannot keep secrets in the | |
// browser) | |
var secret = null; // set me, if confidential | |
// These parameters will be received at launch time in the URL | |
var serviceUri = getUrlParameter("iss"); | |
var launchContextId = getUrlParameter("launch"); | |
// The scopes that the app will request from the authorization server | |
// encoded in a space-separated string: | |
// 1. permission to read all of the patient's record | |
// 2. permission to launch the app in the specific context | |
var scope = [ | |
"patient/*.read", | |
"launch" | |
].join(" "); | |
// Generate a unique session key string (here we just generate a random number | |
// for simplicity, but this is not 100% collision-proof) | |
var state = Math.round(Math.random()*100000000).toString(); | |
// To keep things flexible, let's construct the launch URL by taking the base of the | |
// current URL and replace "launch.html" with "index.html". | |
var launchUri = window.location.protocol + "//" + window.location.host + window.location.pathname; | |
var redirectUri = launchUri.replace("launch.html","index.html"); | |
// FHIR Service Conformance Statement URL | |
var conformanceUri = serviceUri + "/metadata" | |
// Let's request the conformance statement from the SMART on FHIR API server and | |
// find out the endpoint URLs for the authorization server | |
$.get(conformanceUri, function(r){ | |
var authUri, | |
tokenUri; | |
var smartExtension = r.rest[0].security.extension.filter(function (e) { | |
return (e.url === "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"); | |
}); | |
smartExtension[0].extension.forEach(function(arg, index, array){ | |
if (arg.url === "authorize") { | |
authUri = arg.valueUri; | |
} else if (arg.url === "token") { | |
tokenUri = arg.valueUri; | |
} | |
}); | |
// retain a couple parameters in the session for later use | |
sessionStorage[state] = JSON.stringify({ | |
clientId: clientId, | |
secret: secret, | |
serviceUri: serviceUri, | |
redirectUri: redirectUri, | |
tokenUri: tokenUri | |
}); | |
// finally, redirect the browser to the authorizatin server and pass the needed | |
// parameters for the authorization request in the URL | |
window.location.href = authUri + "?" + | |
"response_type=code&" + | |
"client_id=" + encodeURIComponent(clientId) + "&" + | |
"scope=" + encodeURIComponent(scope) + "&" + | |
"redirect_uri=" + encodeURIComponent(redirectUri) + "&" + | |
"aud=" + encodeURIComponent(serviceUri) + "&" + | |
"launch=" + launchContextId + "&" + | |
"state=" + state; | |
}, "json"); | |
// Convenience function for parsing of URL parameters | |
// based on http://www.jquerybyexample.net/2012/06/get-url-parameters-using-jquery.html | |
function getUrlParameter(sParam) | |
{ | |
var sPageURL = window.location.search.substring(1); | |
var sURLVariables = sPageURL.split('&'); | |
for (var i = 0; i < sURLVariables.length; i++) | |
{ | |
var sParameterName = sURLVariables[i].split('='); | |
if (sParameterName[0] == sParam) { | |
var res = sParameterName[1].replace(/\+/g, '%20'); | |
return decodeURIComponent(res); | |
} | |
} | |
} | |
</script> | |
</body> | |
</html> |
I found this.
https://sb-fhir-dstu2.smarthealthit.org/api/smartdstu2/data
But at the same time, the tutorial says that you should launch your app from the sandbox. Hence, the launcher will pass the right arguments for you.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What are the values for these?
var serviceUri = getUrlParameter("iss");
var launchContextId = getUrlParameter("launch");