Implement the OAuth2 Support for Web Services APIs
Primary mentor | Harsha Kumara |
Backup mentor | Suranga Kasthurirathne |
GSoC student | Mayank Sharma |
Abstract
The purpose of this project is to implement the OAuth2 support for the OpenMRS Webservices APIs. OAuth2 is welknown and popular standard in securing the webserives APIs where user can invoke services through access token without exposing their credentials. OpenMRS has two main web services projects which are OpenMRS restful web services module[5] and OpenMRS FHIR module[1]. So the main target is to implement the OAuth support for platform where OpenMRS act as a OAuth provider.
This requirement is mainly coming from OpenMRS FHIR module which OpenMRS has recently undertaken a commitment to implement FHIR in order to ensure better interoperability between healthcare systems. The OpenMRS FHIR module was developed as part of these efforts. Currently, there is need to support the OAuth2 for the FHIR Module.
Specification : https://tools.ietf.org/html/rfc6749
Requirements
- Good Java skills
- Familiarity with J2EE web programming (e.g., JSPs)
- Ability to learn and work with OpenMRS REST APIs and FHIR Module with HAPI
- Familiarity / willing to learn OAuth
- Soft skills to interact with the HAPI and FHIR community and OpenMRS community in order to gather requirements and technical feedback
Project champions
- Paul Biondich
- Grahame Grieve
- Josh Mandel (SMART Platform)
Objectives
- Go through the OAuth specification and understand OAuth2 and it's grant types
- Go through the available samples in web to understand the implementation(6).
- Develop OAuth based security module for OpenMRS
- Come up with set of UI mockups for application creation and authorization
- Create a new module following Creating Modules (improve the documentation if needed)
- Apply for a repository at https://github.com/openmrs and a JIRA project
- Create tickets in JIRA for tasks to be completed during GSoC
- Design and implement the module API layer
- API layer need to have a validateToken method which takes incoming token to check whether it's valid or not. The service will be a spring service where FHIR Module and Web Service module call to validate the incoming token.
- Design and implement the module OMOD layer
- OMOD layer should support for following endpoints (Twitter API tutorial will helpful in understanding below endpoints https://dev.twitter.com/oauth/overview). During the implementation we may simplify the endpoints
How FHIR and REST Module Interact
Extra credit
- Developing a client and demonstrating how different OAuth grant types can be support from the OAuth module