Openemr fix 5704 5705 pkce oauth2 clients #5706
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Put in support for PKCE and restricted it to only support the S256 code_challenge_method per the SMART on FHIR requirements. Added to our smart configuration the PKCE support as well as the capability that we only support the v1 smart scopes at this point in time. Added a global flag that controls how app authorizations are done. US jurisdictions need to use the auto-enabling of patient standalone apps or need to manually approve patient apps within 48 hours. Other jurisidictions can turn off all app approval if they wish to have tighter control of their security. Fixed some bugs with the OAuth2 authorization_code, password, and refresh grants. Allowed offline_access scope for public patient standalone apps. Patients will be warned when offline_access is granted. Updated API documentation per ONC requirements for PKCE information.
|
code looks good to me :) |
Discovered the api tests were failing which is GREAT as it means some of our bug fixes are working. Disabled clients using the password grant were being rejected. We have to enable the client in order for the tests to communicate via the api.
|
So the API tests failing were actually a good sign that things were working :) Fixed the API clients to enable the password grant clients. |
adunsulag
added a commit
to DiscoverAndChange/openemr
that referenced
this pull request
Aug 31, 2022
* WIP openemr#5704, openemr#5705 PKCE, OAuth2 app approvals Put in support for PKCE and restricted it to only support the S256 code_challenge_method per the SMART on FHIR requirements. Added to our smart configuration the PKCE support as well as the capability that we only support the v1 smart scopes at this point in time. Added a global flag that controls how app authorizations are done. US jurisdictions need to use the auto-enabling of patient standalone apps or need to manually approve patient apps within 48 hours. Other jurisidictions can turn off all app approval if they wish to have tighter control of their security. Fixed some bugs with the OAuth2 authorization_code, password, and refresh grants. Allowed offline_access scope for public patient standalone apps. Patients will be warned when offline_access is granted. Updated API documentation per ONC requirements for PKCE information. * Fix stlye issues * Fix API Tests use enabled client Discovered the api tests were failing which is GREAT as it means some of our bug fixes are working. Disabled clients using the password grant were being rejected. We have to enable the client in order for the tests to communicate via the api.
bradymiller
pushed a commit
that referenced
this pull request
Aug 31, 2022
* WIP #5704, #5705 PKCE, OAuth2 app approvals Put in support for PKCE and restricted it to only support the S256 code_challenge_method per the SMART on FHIR requirements. Added to our smart configuration the PKCE support as well as the capability that we only support the v1 smart scopes at this point in time. Added a global flag that controls how app authorizations are done. US jurisdictions need to use the auto-enabling of patient standalone apps or need to manually approve patient apps within 48 hours. Other jurisidictions can turn off all app approval if they wish to have tighter control of their security. Fixed some bugs with the OAuth2 authorization_code, password, and refresh grants. Allowed offline_access scope for public patient standalone apps. Patients will be warned when offline_access is granted. Updated API documentation per ONC requirements for PKCE information. * Fix stlye issues * Fix API Tests use enabled client Discovered the api tests were failing which is GREAT as it means some of our bug fixes are working. Disabled clients using the password grant were being rejected. We have to enable the client in order for the tests to communicate via the api.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #5704
Fixes #5705
Put in support for PKCE and restricted it to only support the S256
code_challenge_method per the SMART on FHIR requirements.
Added to our smart configuration the PKCE support as well as the
capability that we only support the v1 smart scopes at this point in
time.
Added a global flag that controls how app authorizations are done. US
jurisdictions need to use the auto-enabling of patient standalone apps
or need to manually approve patient apps within 48 hours. Other
jurisidictions can turn off all app approval if they wish to have
tighter control of their security.
Fixed some bugs with the OAuth2 authorization_code, password, and
refresh grants.
Allowed offline_access scope for public patient standalone apps.
Patients will be warned when offline_access is granted.
Updated API documentation per ONC requirements for PKCE information.