Backend Authorization support for Vonk fhir server


#1

Hi,
I am running Vonk FHIR server “https://fire.ly/vonk/vonk-fhir-server/” on my local machine and managed to enable authentication on that based on this (http://docs.simplifier.net/vonk/start.html) documentation.Is it possible to perform backend service authorization flow to get the access token from the server.If yes then are there any references available for same.


#2

Hi there,

I am oneof the developers of the Vonk Server. I am not really sure what you are trying to do, but have you read this documentation about Authentication and Authorization?


#3

Hi,
I have read the documentation and i managed to to install vonk with mongoDB and also setup the identity provider using this IdentityServer4 project on GitHub project.I have enabled the authentication in vonk server by modifying the appsettings.json file. Finally I got the conformance from vonk server which had the token endpoint information.
I am now trying to get the authorization JWT token using backend service authorization flow I just wanted information about how to achieve this using vonk because i did not find any documentation about this authorization flow.


#4

Hi Nagesh,

I’ve heard that you also contact our support desk (vonk@fire.ly) about this subject. We are not very sure what you are trying to do here. But I think the following:
You are developing backend service which should have access to Vonk (FHIR service). This backend service should first registered to the EHR’s authorization service, which is out of scope for Vonk. Then your backend service need to obtain an access token from the authorization service. How to this this, has been well documentated on this page: http://docs.smarthealthit.org/authorization/backend-services/. When you have obtained the access token from the authorization service, you use this token to access FHIR resources on Vonk. There are two settings in Vonk (appSettings.json) to accept these kind of access tokens:

"authority": "url-to-your-identity-provider",
"Audience": "audience-claim", //Has to match the value the Authority provides in the audience claim.

And of course “SmartAuthorizationOptions” should be enabled.

So Vonk is not responsible to give you the access token. That is the responsiblity of the authorization service. When you received an access token of this authorization service, then you send this token along with the request to Vonk and Vonk consumes this token and provides you access to resources (or not when you have no access).

Hopefully this information clarifies it for you.

Kind regards,
Marco Visser