
OpenID Connect

IGUHealth supports the following RFCs

Endpoints

To view the OIDC endpoints, navigate to https://<api-domain>/w/<tenant>/oidc/.well-known/openid-configuration

| Name | URL | Description |
| --- | --- | --- |
| Discovery Document | https://<domain>/w/<tenant>/oidc/.well-known/openid-configuration | OpenID metadata information, used to automatically configure clients; see https://openid.net/specs/openid-connect-discovery-1_0.html. |
| User Information | https://<domain>/w/<tenant>/oidc/auth/userinfo | Looks up information about a user based on an access token. |
| Token Endpoint | https://<domain>/w/<tenant>/oidc/auth/token | Obtains a token; the method will vary based on the Client Application grant type. |
| Authorization Endpoint | https://<domain>/w/<tenant>/oidc/auth/authorize | Authenticates and authorizes a user. |
| Logout | https://<domain>/w/<tenant>/oidc/interaction/logout | Logs a user out. |
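
A client that configures itself from the discovery document can first confirm that the advertised endpoints match the table above. This is an added example, not IGUHealth code: the host `api.example.test`, the tenant ids and the JWKS path are constructed, and the metadata field names are the standard OpenID Connect Discovery ones.

```javascript
// Added example, not IGUHealth code. Paths come from the endpoint table above;
// field names are the standard OpenID Connect Discovery metadata names.
const EXPECTED_PATHS = {
  authorization_endpoint: "/auth/authorize",
  token_endpoint: "/auth/token",
  userinfo_endpoint: "/auth/userinfo",
};

// Normalise to origin + path, or null when the value is not an absolute URL.
function originAndPath(value) {
  try {
    const u = new URL(value);
    return u.origin + u.pathname;
  } catch {
    return null;
  }
}

// Returns a list of problems; an empty list means every check passed.
function checkDiscovery(apiDomain, tenant, doc) {
  const base = `https://${apiDomain}/w/${encodeURIComponent(tenant)}/oidc`;
  const problems = [];
  for (const [field, path] of Object.entries(EXPECTED_PATHS)) {
    // Exact match on scheme, host and path rejects plain http, a foreign
    // host, and an endpoint that belongs to a different tenant.
    if (originAndPath(doc[field]) !== originAndPath(base + path)) {
      problems.push(`${field}: expected ${base}${path}`);
    }
  }
  // The page does not give the JWKS path, so only scheme and host are checked.
  const jwks = originAndPath(doc.jwks_uri);
  if (jwks === null || !jwks.startsWith(`https://${apiDomain}/`)) {
    problems.push(`jwks_uri: must be an https URL on ${apiDomain}`);
  }
  return problems;
}

// Constructed sample: token endpoint of another tenant, JWKS on another host.
const SAMPLE_DOC = {
  authorization_endpoint: "https://api.example.test/w/my-tenant/oidc/auth/authorize",
  token_endpoint: "https://api.example.test/w/other-tenant/oidc/auth/token",
  userinfo_endpoint: "https://api.example.test/w/my-tenant/oidc/auth/userinfo",
  jwks_uri: "https://keys.example.net/jwks", // hypothetical path
};

console.log(checkDiscovery("api.example.test", "my-tenant", SAMPLE_DOC));
```

Pass `apiDomain` in lowercase, since the URL parser lowercases hosts before the comparison.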

Client Registration

To register a client, make a POST request to the client registration endpoint at https://<api-domain>/w/<tenant>/api/v1/fhir/r4/ClientApplication. We use a custom resource type, ClientApplication, to register clients using the FHIR API; see here for more details.

Testing

To test the OIDC endpoints you can do the following:

  1. Go to https://<tenant>.admin.iguhealth.app/, or the equivalent if you are hosting our admin-app on your own.
  2. Navigate to Client Applications by clicking on the left sidebar under security.
  3. Click new and fill in the following parameters:
     • name: AUTH_TESTING
     • grant-type: Authorization code
     • redirectUrl: https://openidconnect.net/callback
  4. Click actions and create.
  5. Make a note of the id of the newly registered client.
  6. Navigate to https://openidconnect.net/
  7. In discovery document url, fill in https://<api-domain>/w/<your-tenant-id>/oidc/.well-known/openid-configuration
  8. Click Use discovery document (the token, authorization, and jwks URLs should be populated automatically).
  9. Fill in the clientID with the value from step 4.
  10. Run through the debugger, verifying each step (the starting step is 1 Redirect to OpenID Connect Server).

Frontend React

We provide React components and hooks that set up authentication in your application. To use them, do the following:

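```jsx
import { IGUHealthProvider, useIGUHealth } from "@iguhealth/components";

// REACT_APP_FHIR_BASE_URL is your API base URL, defined elsewhere in your app.
// Wrap the application in the provider so that child components can call useIGUHealth().
<IGUHealthProvider
  domain={REACT_APP_FHIR_BASE_URL || ""}
  tenant={"my-tenant-id"}
  clientId={"my-client-id"}
  redirectUrl={window.location.origin}
>
  <App />
</IGUHealthProvider>;
```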