如何在没有任何授权令牌的情况下将 Azure API 用于 FHIR 服务器

Question

I have created a resource for Azure API for FHIR Server . I am able to get see the metadata information using the URL like https://fhir-server-url/metadata . As mentioned in the documentation https://docs.microsoft.com/en-us/azure/healthcare-apis/access-fhir-postman-tutorial to access other URLs like https://fhir-server-url/Patient , we need to get the Authorization token first. To get the authorization token we need ClientID which we can get by creating an application in Azure Active Directory. But I don't have access to it.

Is there any way I could access this URL without requiring the authorization token? By making some setup in Azure Portal.

Answer 1

If you are using the first party audience (eg https://azurehealthcareapis ), which is the default when deploying the Azure API for FHIR, you can actually use a first party client application such as the Azure CLI to get a token. Check https://docs.microsoft.com/azure/healthcare-apis/get-healthcare-apis-access-token-cli for details.

First log in with the Azure CLI ( https://docs.microsoft.com/cli/azure/?view=azure-cli-latest ) :

az login

Get a token and store it

token=$(az account get-access-token --resource=https://azurehealthcareapis.com | jq -r .accessToken)

Use the token:

curl -X GET --header "Authorization: Bearer $token" https://<FHIR ACCOUNT NAME>.azurehealthcareapis.com/Patient

Answer 2

It looks like from the FHIR Server Doc you can turn this on or off based on the FhirServer:Security:Enabled config setting see https://github.com/microsoft/fhir-server/blob/master/docs/Authentication.md

"FhirServer" : {
"Security": {
    "Enabled":  true,
    "Authentication": {
        "Audience": "fhir-api",
        "Authority": "https://localhost:44348"
    }
}}

Answer 3

One way is to get your app registration in Azure Active Directory(AAD).

You would need two app registrations in AAD to get client Id & client secret for authorization token retrieval.