Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Primary mentor

Backup mentor

Assigned to

Interested People

Final Project Talk Thread

Project Report


The OAuth2 module is functional with all grant types working against OpenMRS 2.x releases with work done in FHIR OAuth Smart Apps Integration . The objective of this project is to enhance the OAuth2 module by writing unit tests to increase code coverage, migrate from an XML based configuration to an Annotation based configuration wherever possible, upgrade Spring, Spring Security, Jackson and Hibernate dependencies to make sure the module works against the latest OpenMRS release. Another major goal is to fully integrate EHR-launch flow for the SMART applications. This functionality must be tested out against the FHIR module with SMART applications from the SMART App Gallery . Also, the module needs to add support for SMART app "launch scopes".


  • Upgrade Dependencies : Upgrade all the Spring, Spring Security, Hibernate, Jackson dependencies so that the module works against the latest OpenMRS release. As we have moved to Java8, Spring 4.x, Hibernate 4.x with the Platform 2.0 release, the OAuth2 module needs to be migrated to the latest tech stack. Please see the Platform Release notes [https://wikiopenmrs.openmrsatlassian.orgnet/wiki/display/RES/Platform+Release+Notes+2.1.2].
  • Roles and Launch Scopes : At present, the module doesn't support any launch scope (Patient/read, Patient/write, etc.) See Implementing these launch scopes will make sure that the module works in accordance to the SMART Healthcare IT guidelines.
  • Switch to Annotations where possible : Annotation based configuration is more common in the new spring security releases as compared to their xml counterpart. They are easier to understand. At present Spring Security and Spring Security OAuth2 are configured purely via xml. We need to identify places where it would make sense to switch to Annotations instead.
  • EHR-launch flow : As of now, the module can only run SMART application running standalone. See To properly utilize the power of SMART apps, EHR-launch flow must be integrated in the module with all necessary UI additions.
  • Use-case implementation : Identify and Implement use-cases for different grant types. For instance, a basic SMART app can demonstrate using the OAuth2 module's Authorization Code Grant Type besides the interaction between OAuth2 and FHIR modules. Similarly, OWA module based app can demonstrate OAuth2 module's Implicit grant type while the OpenMRS Android Client can exploit the Resource Owner Password Credentials use case.
  • Increase Code Coverage : Write unit tests for the untested code and increase code coverage. Follow OpenMRS Unit Tests Conventions and also add raw test data.


  • Go through the OAuth specification (RFC 6749) and understand OAuth2 and it's grant types.
  • Go through the OAuth2 module and all child pages to see what work is already done.
  • Go through the project report from last year's GSoC.
  • Run the module on your machine and test it's functionality. 
  • Study the data structures for Client and ClientDevelopers in OAuth2,'
  • Go through the Client REST Controller and study all the REST Endpoints properly.
  • Take a look at how the Spring Security and Spring Security OAuth2 projects are wired up in the module.
  • Take a look at authentication scheme used by SMART Apps and identify how OAuth2 module can serve as the authentication manager for such apps 
  • Come up with timeline along with how each week has used to develop the module to meet with required goals. 
  • Create tickets in JIRA for tasks to be completed during GSoC.