Announcement

Collapse
No announcement yet.

OAuth2.0

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OAuth2.0

    Hi

    Could anyone give me a quick guide on how to setup a channel that posts a HL7 message to a HTTPs API that uses OAuth2?

    I'm struggling with the parameters.

    Basically I have the below instructions from the supplier:

    Our API uses OAuth2.0, so to gain access, you will need to Base 64 encode your Client ID and Client Secret (CID:CSECRET), place that in the “Authorization: Basic ENCODED_DETAILS” header and post “grant_type=client_credentials” to https://someurl.com/api/auth.

    If successful, using the access token that is returned, you can post your HL7 message to

    https://someurl.com/api/hl7/refer?ac...n=ACCESS_TOKEN.

    Any help is appreciated, there isnt much out there on Mirth and OAuth2

    Thanks,
    Dave

  • #2
    Its pretty simple. The first destination would be a HTTP Sender connector, which will go to the auth end point, You can capture the token in the response transformer of this destination. Put the token in a channelMap for subsequent calls.

    You have to break down the auth call and put things at the right place..if I remember correctly, clientID and secret goes in the query parameter.
    HL7v2.7 Certified Control Specialist!

    Comment


    • #3
      At my organization we use OAuth2 using a Javascript web token JWT to communicate with Oauth2 for certain applications. That is several steps more complex but I can give you the general idea.
      NOTE: We use a 3rd party java library to construct the JWT in the transformer step. I won't go into that here as it is WAY out of the scope of the question.

      Source is on a timer/cron job and is a javascript reader. We have it return "<root>abc</root>". The real magic is in the http sender destination.
      Destination 1 is an http sender to the Oauth server.
      Query Params are
      Code:
          client_assertion:   base 64 encoded JWT header+payload+sig. 
          grant_type : client_Credentials
          client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer   <==== Yours will be different.
      That will return something like
      Code:
      {
         "access_token" : keyYouWantHereAsBase64,
         "token_type": "bearer",
         "expires_in": seconds-to-live eg 900,
         "scope": based on security so who knows
      }
      You need to then use a responseTransformer and pull out the access_token value and save it to a channelMap.

      Then in the second destination in the same chain....
      have the radio button for Authentication set to No.

      but In the headers have
      Authorization: Bearer ${valueOfAccessToken}


      Was this helpful?

      Comment


      • #4
        Originally posted by collinsmj View Post
        At my organization we use OAuth2 using a Javascript web token JWT to communicate with Oauth2 for certain applications. That is several steps more complex but I can give you the general idea.
        NOTE: We use a 3rd party java library to construct the JWT in the transformer step. I won't go into that here as it is WAY out of the scope of the question.

        Source is on a timer/cron job and is a javascript reader. We have it return "<root>abc</root>". The real magic is in the http sender destination.
        Destination 1 is an http sender to the Oauth server.
        Query Params are
        Code:
        client_assertion: base 64 encoded JWT header+payload+sig.
        grant_type : client_Credentials
        client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer <==== Yours will be different.
        That will return something like
        Code:
        {
        "access_token" : keyYouWantHereAsBase64,
        "token_type": "bearer",
        "expires_in": seconds-to-live eg 900,
        "scope": based on security so who knows
        }
        You need to then use a responseTransformer and pull out the access_token value and save it to a channelMap.

        Then in the second destination in the same chain....
        have the radio button for Authentication set to No.

        but In the headers have
        Authorization: Bearer ${valueOfAccessToken}


        Was this helpful?
        Hi, I don't suppose you've got a channel you could share with me? I'm trying to get my head round OAuth2 and JWT as it's the first time I've used it and I'm getting nowhere fast. Haven't been able to find anything of much use online.

        Comment

        Working...
        X