ehrbase/openEHR_SDK

Client does not handle authorization

Closed this issue · 2 comments

jpwiedekopf commented

Background

The client currently does not support authorization against secured EHRbase endpoints. This means that authorization credentials provided to the FHIR Bridge are not currently used and requests can only be executed against insecure endpoints.

Acceptance criteria

I am working on a PR to address this issue - https://github.com/jpwiedekopf/openEHR_SDK/tree/feature/266_add_authorization_client.

  • Basic authorisation can be provided to the OpenEhrClientConfig
  • Bearer authorisation can be provided to the OpenEhrClientConfig
  • The credential is added to the HTTP requests' Authorization header
  • FHIR bridge utilizes configuration to provide authorization details

Definition of Done

  • Review / Merge request approved (P2P session)
  • Unit tests passed
  • Updated documentation (Javadoc and Sphinx)
  • Acceptance criteria fulfilled
  • Build without errors
  • Release notes prepared
  • Runtime warnings
stefanspiska commented

@jpwiedekopf
The Client allows to set the used Apache client
'''
public DefaultRestClient(
OpenEhrClientConfig config, TemplateProvider templateProvider, HttpClient httpClient)
'''
and this can be used to set the authorization.

actually this is used in the FHIR Bridge

https://github.com/ehrbase/fhir-bridge/blob/develop/src/main/java/org/ehrbase/fhirbridge/config/ehrbase/EhrbaseConfiguration.java

jpwiedekopf commented

Ah, thanks! I'll take a look at the needed configuration options.
I feel like this is not discoverable enough, but this can be addressed with changes to the README of the SDK and the FHIR Bridge. I'll send PRs to that extent instead. Closing this issue for now.