1.3 FHIR Authentication and Authorisation

FHIR Authentication

The objective is to handle user authentication directly from the FHIR module, using JWT tokens. The FHIR module relies on the shared openIMIS authentication services, so a token obtained through it is accepted by both the FHIR REST API and GraphQL queries.

FHIR REST API Login endpoint

A /login endpoint has been added to the FHIR R4 module so that a JWT can be obtained through the module's own REST API.

POST /api_fhir_r4/login

Request body:
{ "username": [username], "password": [password] }

HTTP 200 Response body:
{ "token": [token], "exp": [expire_date] }

HTTP 401 Response if the credentials are not valid

FHIR REST API Authorization header

All other FHIR R4 requests must carry an Authorization header with the Bearer token.

Authorization: Bearer [token]

HTTP 200 Response when the token is validated (the requested resource payload is returned)

HTTP 401 Response when:
- the Authorization header is missing
- the Bearer prefix is missing
- the Authorization header cannot be decoded (e.g. a malformed token)
- the token is expired
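The login and Authorization-header flow described above, as an added example that is not part of the openIMIS code base. It models both sides of the exchange in plain Python: a /login handler that returns the { "token", "exp" } body, and a request check that returns 401 for each of the four listed cases. The HS256 shared secret, the token lifetime, the claim names inside the token and the credential store are all assumptions made for the example; the real signing key, algorithm and user table are configured server-side and are not shown on this page.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Assumption: an HS256 shared secret and a fixed lifetime. The project's real
# signing key, algorithm and expiry are server configuration, not shown here.
SECRET = b"example-secret-change-me"
TOKEN_TTL = 3600  # seconds

# Constructed credential store for the example. A real deployment checks a
# salted password hash, never a plaintext comparison like this one.
USERS = {"admin": "admin123"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, now: int) -> Dict[str, object]:
    """Build an HS256 JWT with the same shape as the /login response body."""
    header = {"alg": "HS256", "typ": "JWT"}
    exp = now + TOKEN_TTL
    payload = {"username": username, "iat": now, "exp": exp}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return {"token": f"{signing_input}.{b64url(sig)}", "exp": exp}


def login(body: Dict[str, str], now: int) -> Tuple[int, Dict[str, object]]:
    """POST /api_fhir_r4/login: 200 with a token, or 401 on bad credentials."""
    username = body.get("username", "")
    expected = USERS.get(username)
    # compare_digest keeps the comparison constant-time; a single combined
    # check avoids a distinct early return for unknown usernames.
    if expected is None or not hmac.compare_digest(
        expected.encode(), body.get("password", "").encode()
    ):
        return 401, {"detail": "Invalid credentials"}
    return 200, issue_token(username, now)


def authorize(headers: Dict[str, str], now: int) -> Tuple[int, Dict[str, object]]:
    """Check the Authorization header, returning 401 for each listed case."""
    auth = headers.get("Authorization")
    if auth is None:
        return 401, {"detail": "Authorization header is missing"}
    if not auth.startswith("Bearer "):
        return 401, {"detail": "Bearer prefix is missing"}
    token = auth[len("Bearer "):]
    try:
        head_b64, payload_b64, sig_b64 = token.split(".")
        # Verify the MAC over the raw segments before trusting anything inside
        # them, and ignore the "alg" the client claims: a token with alg=none
        # or an edited payload fails here.
        expected = hmac.new(
            SECRET, f"{head_b64}.{payload_b64}".encode(), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("signature mismatch")
        payload = json.loads(b64url_decode(payload_b64))
        exp = int(payload["exp"])
    except (ValueError, KeyError, TypeError):
        # wrong segment count, bad base64, invalid JSON, missing exp, bad MAC
        return 401, {"detail": "Could not decode Authorization header"}
    if exp <= now:
        return 401, {"detail": "Token has expired"}
    # 200: a real handler would now return the requested FHIR resource.
    return 200, {
        "resourceType": "Bundle",
        "type": "searchset",
        "user": payload.get("username"),
    }
```

The order of checks matters: the signature is verified over the encoded segments before the payload is parsed, so an expired or forged token is rejected without ever trusting its contents, and the algorithm named in the header is never used to choose the verification method.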

FHIR Authorisation

In openIMIS, authorisation is based on the user's role and location. A role is a group of authorities (permissions) that are well defined and constant (see openIMIS Authorities for an up-to-date list). During the migration to the modular openIMIS, some authorities were not added to the newly created modules. Moreover, the query set used to obtain the data for a resource fetched all objects from the database, regardless of the user's rights.

Based on the openIMIS Authorities used in the legacy openIMIS, the missing permissions have been added to the modular openIMIS. The query sets have also been updated so that they are retrieved from the business module (e.g. the Claim module), which limits access based on the user's role and location. The following modules have been updated:
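The two defects above (a missing authority check and an unscoped query set) and the corrected behaviour, as an added example in plain Python rather than the project's Django code. The role-to-authority mapping, the authority names, the users and the claim records are all constructed placeholders, not the openIMIS Authorities list or real data.

```python
from dataclasses import dataclass
from typing import FrozenSet, List

# Constructed role -> authority mapping. openIMIS has its own authority list
# (see openIMIS Authorities); these names are placeholders for the example.
ROLE_AUTHORITIES = {
    "ClaimAdministrator": frozenset({"claim.search", "claim.add"}),
    "EnrolmentOfficer": frozenset({"insuree.search"}),
}


@dataclass(frozen=True)
class User:
    username: str
    roles: FrozenSet[str]
    locations: FrozenSet[str]  # location codes the user is assigned to


@dataclass(frozen=True)
class Claim:
    code: str
    location: str  # location the claim belongs to


# Constructed sample records standing in for the database.
CLAIMS = [Claim("C001", "D01"), Claim("C002", "D02"), Claim("C003", "D01")]


class Forbidden(Exception):
    """Raised when the user lacks the authority required for the request."""


def authorities(user: User) -> FrozenSet[str]:
    """A user's authorities are the union of the authorities of their roles."""
    return frozenset().union(
        *(ROLE_AUTHORITIES.get(role, frozenset()) for role in user.roles)
    )


def claims_unscoped(user: User) -> List[Claim]:
    """Before: no authority check, and every object in the table is returned."""
    return list(CLAIMS)


def claims_for_user(user: User) -> List[Claim]:
    """After: require the authority, then scope the result to the user's locations."""
    if "claim.search" not in authorities(user):
        raise Forbidden("claim.search authority required")
    return [claim for claim in CLAIMS if claim.location in user.locations]
```

The authority check decides whether the user may call the endpoint at all; the location filter decides which rows they may see once they are allowed in. Both are needed: a user with the right authority but the wrong location still must not see other districts' claims, and a user assigned to every location still needs the authority.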




This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/