Authentication & Authorization

...

  • Even trusted systems such as SHR, MCI or other DGHS apps must register themselves with the HRM system as organizations, for example as "SHR @ DGHS MIS" or "MCI @ DGHS MIS". An API token is created for each such system and is provided to and configured in that system beforehand.

  • Any invalid request, i.e. one whose CLIENT_ID and X-Auth-Token do not match, results in an HTTP 401 (Unauthorized) error.


IdP API details

  1. Login using IdP API

    Request:

    POST http://{IdP-URL}/api/1.0/sso/signin

    Headers:

    client_id = {client id of the user representing the organization}
    X-Auth-Token = {Secret API Token given to the user representing the Organization}
    content-type: application/x-www-form-urlencoded

    Form Data:

    email = {user email}
    password = {user password}

...

    • Example response on successful login (HTTP status code 200):

    {
      "access_token": "UXmbhELOU47hC5bA7rvvtx2lMuePIF1kOTgyVAhcAX"
    }

...

    • Example response on failed login (HTTP status code 404):

    {
      "error": true,
      "message": "Not authenticated",
      "code": 401
    }

  2. Logout using IdP API

    Request:

    POST http://{IdP-URL}/api/1.0/sso/signout/{access_token}

    Headers:

    client_id = {client id of the user representing the organization}
    X-Auth-Token = {Secret API Token given to the user representing the Organization}
    content-type: application/x-www-form-urlencoded

    Form Data:

    email = {user email}
    password = {user password}

  3. Get user info from access token

    Request:

    GET http://{IdP-URL}/api/1.0/sso/token/{access_token}

    Headers:

    client_id = {client id of the user representing the organization}
    X-Auth-Token = {Secret API Token given to the user representing the Organization}

...

For example, the following userinfo may be returned to a service provider when it tries to identify the requester (say, someone trying to create/POST a patient). Note the profiles associated with the user.

{
    "id": 6,
    "name": "Dr. X Y Z",
    "email": "xyz@gmail.com",
    "is_active": true,
    "activated": true,
    "activated_at": null,
    "last_login": "2015-01-20 09:52:58",
    "access_token": "xyz_token",
    "created_at": "2014-09-04 13:26:14",
    "updated_at": "2015-01-20 09:52:58",
    "deleted_at": null,
    "groups": ["MCI Admin", "API Consumer"],
    "profiles": [
      {
         "type": "provider",
         "id": "123",
         "catchment": ["302618", "302614"]
      },
      {
         "type": "admin",
         "id": "2",
         "catchment": ["3026"]
      },
      {
         "type": "facility",
         "id": "10000069",
         "catchment": ["302618"]
      },
      {
         "type": "patient",
         "id": "10091232131",
         "catchment": []
      }
    ]
}
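The following is an added example, not code from the IdP project, showing how a service provider such as SHR or MCI would drive the three calls above and then use the returned profiles to decide whether the caller may act in a given catchment. The IdP host, the organization credentials and the rule that a catchment code covers every longer code it prefixes (e.g. "3026" covers "302618") are assumptions; the sample responses are constructed from the page's examples.

```python
"""Helpers for the IdP sign-in / token-resolution flow (added example)."""
import json
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlencode

IDP_URL = "http://idp.example.invalid"  # ASSUMED placeholder for {IdP-URL}

# (method, url, headers, body) ready to hand to urllib or requests
HttpRequest = Tuple[str, str, Dict[str, str], Optional[bytes]]


def org_headers(client_id: str, api_token: str) -> Dict[str, str]:
    """Organization credentials travel in headers on every IdP call."""
    return {"client_id": client_id, "X-Auth-Token": api_token}


def signin_request(client_id: str, api_token: str, email: str, password: str) -> HttpRequest:
    """POST /api/1.0/sso/signin: user credentials go in the urlencoded form body."""
    headers = dict(org_headers(client_id, api_token),
                   **{"content-type": "application/x-www-form-urlencoded"})
    body = urlencode({"email": email, "password": password}).encode()
    return ("POST", f"{IDP_URL}/api/1.0/sso/signin", headers, body)


def userinfo_request(client_id: str, api_token: str, access_token: str) -> HttpRequest:
    """GET /api/1.0/sso/token/{access_token}: resolve a caller's token to userinfo."""
    url = f"{IDP_URL}/api/1.0/sso/token/{access_token}"
    return ("GET", url, org_headers(client_id, api_token), None)


def access_token_from(signin_body: str) -> Optional[str]:
    """Return the access_token from a signin response, or None when the IdP
    answered with the {"error": true, "message": ..., "code": 401} shape."""
    data = json.loads(signin_body)
    if data.get("error") or not isinstance(data.get("access_token"), str):
        return None
    return data["access_token"]


def covering_profiles(userinfo: dict, profile_type: str, catchment: str) -> List[str]:
    """Ids of the caller's profiles of the given type whose catchment covers the
    target area. Inactive or unactivated users get no authority at all.
    ASSUMPTION: catchment codes are hierarchical, so a profile catchment that is
    a prefix of the target code covers it ("3026" covers "302618")."""
    if not (userinfo.get("is_active") and userinfo.get("activated")):
        return []
    return [p["id"] for p in userinfo.get("profiles", [])
            if p.get("type") == profile_type
            and any(catchment.startswith(c) for c in p.get("catchment", []))]
```

A service provider would call `covering_profiles(info, "provider", "302618")` on the resolved userinfo before creating a patient in that upazila, and reject the request when the list is empty.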