Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot specify custom aud parameter and FHIR server URL #182

Open
bunyaminsg opened this issue Apr 5, 2024 · 0 comments
Open

Cannot specify custom aud parameter and FHIR server URL #182

bunyaminsg opened this issue Apr 5, 2024 · 0 comments

Comments

@bunyaminsg
Copy link

Is your feature request related to a problem? Please describe.
I cannot configure the issuer, audience parameter and fhirServerUrl separately. I have an authentication server and a FHIR server running on different domains. I want to configure the client accordingly such as:

Currently, in the authorize method of smart.js, iss or fhirServerUrl is used both as issuer, audience and fhir server url.

const serverUrl = String(iss || fhirServiceUrl || "");
...
const redirectParams = [..., "aud=" + encodeURIComponent(serverUrl), ...];

Describe the solution you'd like
I'd like to have the aud field in the auth configurations. Also, if the fhirServerUrl is provided, it should be used as serverUrl in the client state, not the issuer (iss).

router.get('/launch', function (req, res, next) {
  smart(req, res).authorize({
    clientId: "smart-app",
    redirectUri: "/callback",
    scope: "user/*.* openid launch",
    iss: "https://auth-server.com",
    // configurations below should be available
    aud: "fhir-server",
    fhirServerUrl: "https://fhir-server.com"
  })

Describe alternatives you've considered

I could make it work with following workarounds:

To change the aud parameter:

  • Disable redirect (noRedirect: true)
  • Get the redirect url from authorize method
  • Replace the aud parameter by parsing the redirect url string
  • Redirect to the overridden redirect url manually

To use different FHIR server URL than issuer (auth-server):

  • Call smart(req, res).ready() method to get the client with gained access token, etc.
  • Copy the state of the client and create a new client by changing the serverUrl field of the state

Please see the Express JS code example below:

const smartSettings = {
  clientId: "smart-app",
  redirectUri: "/callback",
  scope: "user/*.* openid",
  iss: "https://auth-server.com",
  noRedirect: true // Redirect will be handled manually after aud parameter is overridden
};

router.get('/launch', function (req, res, next) {
  smart(req, res).authorize(smartSettings).then(redirectUrl => {
    const [url, params] = redirectUrl.split('?')
    // Get the parameters other than aud
    const rest = params.split('&').filter(param => !param.startsWith("aud="))
    // change the aud and construct the url again, then redirect
    res.redirect([url, [...rest, "aud=fhir-server"].join('&')].join('?'))
  }).catch(next);
})

router.get('/callback', function (req, res, next) {
  smart(req, res)
      .ready({})
      .then(client => {
        // Get the client, use its state to create a new client with correct FHIR server URL
       const newClient = smart(req, res).client({...client.state, serverUrl: 'https://fhir-server.com'})
       ...
      });
})

Additional context
I couldn't find a way in the documentation to achieve this via configurations. Please let me know if there already is a solution that I'm missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant