
The objective is to manage user authentication directly from the FHIR module, using the JWT authentication mechanism. The FHIR module uses the authentication services, so the token can be used in both FHIR REST API and GraphQL queries.


FHIR REST API Login endpoint

POST /api_fhir_r4/login 

Request body: 
  {
    "username": [username],
    "password": [password]
  }

HTTP 200 Response body: 
  {
    "token": [token],
    "exp": [expire_date]
  }

HTTP 401 Response if credentials are not valid  

FHIR REST API


Authorization header

All other FHIR R4 requests should contain the Authorization header with the Bearer token.

Authentication
Authorization: Bearer [token]

HTTP 200 Response when token validated (the actual resource payload is returned)

HTTP 401 Response when:
  the Authorization header is missing
  the Bearer prefix is missing
  an error occurs while decoding the Authorization header
  the token is expired
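
The four 401 conditions above, written out as a server-side check. This is an added example, not code from the FHIR module. It assumes an HS256-signed JWT with a shared secret and an `exp` claim in Unix seconds; `SECRET`, `issue_token` and `check_authorization` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username: str, exp: int) -> str:
    """Build a constructed HS256 JWT so the check below has input to run on."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"username": username, "exp": exp}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def check_authorization(headers: dict, now=None):
    """Return (status, detail): 200 with the claims, or 401 with the reason."""
    now = time.time() if now is None else now
    value = headers.get("Authorization")
    if value is None:
        return 401, "Authorization header is missing"
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "Bearer prefix is missing"
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        # Pin the algorithm: the token must not choose how it is verified.
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        # Constant-time comparison of the signature before trusting any claim.
        if not hmac.compare_digest(expected, _unb64url(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64url(payload_b64))
        exp = float(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, "error on decoding Authorization header"
    if exp <= now:
        return 401, "token is expired"
    return 200, claims
```

The signature is verified before `exp` is read, so an expired-looking or long-lived claim in a forged token is never evaluated.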
