Final Project Talk Thread : https://talk.openmrs.org/t/gsoc-2018-oauth-module-enhancements-and-smart-apps-support-final-presentation/19472
...
Abstract
The OAuth2 module is functional with all grant types working and works fine against OpenMRS Reference Application 2.x releases with work done in FHIR OAuth Smart Apps Integration after the work on OAuth module enhancements and SMART apps support. Also the EHR Launch Flow for SMART Applications is fully integrated in the module.The objective of this project is to enhance upgrade the OAuth2 module by writing unit tests to increase code coverage, migrate from an XML based configuration to an Annotation based configuration wherever possible, by migrating to Spring Security OAuth2 2.x and creation of all new SMART OWA which fully supports SMART Apps functionality. Another major objective is to extend the functionality of scopes and launch context by adding more scopes. The api layer of the module is well tested and omod layer needs to tested with proper unit tests so as to increase code coverage of the module. Also check and upgrade Spring, Spring Security, Jackson and Hibernate dependencies to make making sure the that module works fine against the latest OpenMRS Reference Application release. Another major goal is to fully integrate EHR-launch flow for the SMART applications. This functionality must be tested out against the FHIR module with SMART applications from the SMART App Gallery . Also, the module needs to add support for SMART app "launch scopes".Note on the current state of module : The module is tried and tested against all OpenMRS 2.x releases upto OpenMRS 2.2-Snapshot. All grant types work and SMART applications run against the module with the manual-launch flow. REST controller to create and manage OAuth2 clients is integrated and works as intended.The final aim is to get OAuth2 module ready so as to get it bundled with next release of OpenMRS.
Project Champions
Sanatt Abrol Mayank Sharma Harsha Kumara Prabodh Kotasthane Ian Bacher
Goals
- Upgrade Dependencies : Upgrade all the Spring, Spring Security, Hibernate, Jackson dependencies so Migrating to Spring Security OAuth2 2.x : Currently the OAuth2 module works on Spring Security OAuth2 version 1.0.5. Upgrade the version to Spring Security OAuth2 2.x ensuring that the module works fine against the latest OpenMRS release. As we have moved to Java8, Spring 4.x, Hibernate 4.x with the Platform 2.0 release, the OAuth2 module needs to be migrated to the latest tech stack. This would require many dependencies and code changes. Please see the Platform Release notes [https://wiki.openmrs.org/display/RES/Platform+Release+ Notes+2.1.2].Roles and Launch Scopes
- SMART OWA :At present, the module doesn't support any launch scope (Patient/read, Patient/write, etc.) See http://docs.smarthealthit.org/authorization/scopes-and-launch-context/. Implementing these launch scopes will make sure that the module works in accordance to the SMART Healthcare IT guidelines.
- Switch to Annotations where possible : Annotation based configuration is more common in the new spring security releases as compared to their xml counterpart. They are easier to understand. At present Spring Security and Spring Security OAuth2 are configured purely via xml. We need to identify places where it would make sense to switch to Annotations instead.
- EHR-launch flow : As of now, the module can only run SMART application running standalone. See http://www.we have a simple SMART OWA with basic UI to support the SMART apps in OpenMRS Reference application. We aim at making a new SMART OWA with better UI and functionality of registering, running and editing SMART Apps.
- Scopes and Launch Context : The OAuth2 module currently support patient and user specific scopes and launch context. Extend this to other resource specific scopes and launch context. Support for more complex scopes can be added. Read about scopes and launch context here [http://hl7.org/fhir/smart-app-launch/scopes-and-launch-context/. To properly utilize the power of SMART apps, index.html]
- EHR-launch flow must be integrated in the module with all necessary UI additions.Use-case implementation : Identify and Implement use-cases for different grant types. For instance, a basic SMART app can demonstrate using the OAuth2 module's Authorization Code Grant Type besides the interaction between OAuth2 and FHIR modules. Similarly, OWA module based app can demonstrate OAuth2 module's Implicit grant type while the OpenMRS Android Client can exploit the Resource Owner Password Credentials use case : As of now, SMART apps need to be configured according to OpenMRS and the client secret needs to be hard-coded into the authorization headers in order to successfully run some SMART apps. This needs to be fixed.
- Increase Code Coverage : Write unit tests for the untested code omod layer and increase code coverage. Research on writing tests for controllers needs to be done and finally omod layer must be properly tested. Follow OpenMRS Unit Tests Conventions and also add raw test data.
Expected Deliverables
- An OAuth2 module compatible with the latest OpenMRS Platform and Reference Application upgraded on Spring Security OAuth2 version 2.x (This is a priority!)
- EHR-launch flow implemented in the module with all the necessary UI additions A proper react based SMART Open Web Application which fully supports SMART Apps. (Begin after the first deliverable is complete)
Increased overall test coverage. Support for more SMART scopes and launch context.
- Increased overall test coverage.
An OpenMRS OWA demonstrating the implicit grant type flow (Bonus Karma points, if time permits)
- Android Client demonstrating as Password protocol flow (Bonus Karma points, if time permits)
...
- Go through the OAuth specification (RFC 6749) and understand OAuth2 and it's grant types.
- Go through the OAuth2 module and all child pages to see what work is already done.
- Go through the project report https://pkatgithub.github.io/GSoC-2018-Final-Evaluations/from GSoC 2018.
- Go through the project report https://mavrk.github.io/GSOC-2017-final/ from last year's GSoC 2017.
- Run the module on your machine and test it's functionality.
- Study the data structures for Client and ClientDevelopers in OAuth2,'
- Go through the Client REST Controller and study all the REST Endpoints properly.
- Take a look at how the Spring Security and Spring Security OAuth2 projects are wired up in the module.
- Take a look at authentication scheme used by SMART Apps and identify how OAuth2 module can serve as the authentication manager for such apps apps .
- Come up with timeline along with how each week has used to develop the module to meet with required goals.
- Create tickets in JIRA for tasks to be completed during GSoC.
...
While not mandatory at all, it would be great help if you include the following in your proposals:
- UI for the module with a list of all SMART applications with the feature to launch them directly from the EHR.
- UML Sequence Diagram for a SMART app communicating with OpenMRS FHIR module after authenticating through OAuth2 module. (Both standalone-launch and EHR-launch flow).
- Use-case diagram for all the involved actors.
- SMART OWA with various use cases.
Requirements
- Good Java and React skills.
- Familiarity with J2EE web programming (e.g., JSPs)Ability to learn and work with OpenMRS REST APIs and FHIR Module with HAPI
- Familiarity / willing to learn OAuthOAuth2.
- Soft skills to interact with the HAPI and FHIR community and OpenMRS community in order to gather requirements and technical feedback.
- Learn SMART Apps.
Resources
- Understanding OAuth2 : https://tools.ietf.org/html/rfc6749
- http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html
- UI Framework Guide : UI Framework Step By Step Tutorial[https://wikiopenmrs.openmrsatlassian.orgnet/wiki/display/docs/UI+Framework+Step+By+Step+Tutorial]
- SMART on FHIR[http://docs.smarthealthit.org/]
- Authorization Guide[http://docs.smarthealthit.org/authorization/]
- Scopes and Launch ContextContext [http://docs.smarthealthithl7.org/authorizationfhir/smart-app-launch/scopes-and-launch-context/index.html]
- https://wiki.openmrs.org/display/projects/FHIR+OAuth +Smart+Apps+Integration+and+OAuth+ module + enhancements and SMART apps support
- OpenMRS - OAuth2 Module
- https://wikipkatgithub.openmrsgithub.org/display/projects/OAuth2+Moduleio/GSoC-2018-Final-Evaluations/
- mavrk.github.io/GSOC-2017-final/
...