Authentication & Authorization
...
Even trusted systems like SHR or MCI or other DGHS apps must register themselves with the HRM system as organizations, for example as "SHR @ DGHS MIS" or "MCI @ DGHS MIS". An API token is created for each such system and is provided to and configured in that system beforehand.
- Any invalid request with a non-matching CLIENT_ID and X-Auth-Token pair will result in an HTTP 401 (Unauthorized) error.
IdP API details
Login using IdP API
Request :
POST http://{IdP-URL}/api/1.0/sso/signin
Headers :
client_id = {client id of the user representing the organization}
X-Auth-Token = {Secret API Token given to the user representing the Organization}
content-type: application/x-www-form-urlencoded
Form Data :
email = {user email}
password = {user password}
...
Example response on successful login (HTTP Status code 200)
{
"access_token": "UXmbhELOU47hC5bA7rvvtx2lMuePIF1kOTgyVAhcAX"
}
...
Example response on failed login (HTTP Status code 404)
{
"error": true,
"message": "Not authenticated",
"code": 401
}
Logout using IdP API
Request :
POST http://{IdP-URL}/api/1.0/sso/signout/{access_token}
Headers :
client_id = {client id of the user representing the organization}
X-Auth-Token = {Secret API Token given to the user representing the Organization}
content-type: application/x-www-form-urlencoded
Form Data :
email = {user email}
password = {user password}
Get user info from access token
Request :
GET http://{IdP-URL}/api/1.0/sso/token/{access_token}
Headers :
client_id = {client id of the user representing the organization}
X-Auth-Token = {Secret API Token given to the user representing the Organization}
...
For example, the following userinfo may be returned to the service provider when it tries to identify the requester (for example, someone trying to create/POST a patient). Note the profiles associated with the user.
{
  "id": 6,
  "name": "Dr. X Y Z",
  "email": "xyz@gmail.com",
  "is_active": true,
  "activated": true,
  "activated_at": null,
  "last_login": "2015-01-20 09:52:58",
  "access_token": "xyz_token",
  "created_at": "2014-09-04 13:26:14",
  "updated_at": "2015-01-20 09:52:58",
  "deleted_at": null,
  "groups": ["MCI Admin", "API Consumer"],
  "profiles": [
    { "type": "provider", "id": "123", "catchment": ["302618", "302614"] },
    { "type": "admin", "id": "2", "catchment": ["3026"] },
    { "type": "facility", "id": "10000069", "catchment": ["302618"] },
    { "type": "patient", "id": "10091232131", "catchment": [] }
  ]
}
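The following Python snippet is an added example, not code from the original page or from the HRM/IdP project: it builds the token lookup request above with the two identifying headers, treats a 401 as a rejected client_id / X-Auth-Token pair, and then shows how a service provider could use the returned profiles and catchments before accepting a request such as a patient POST. The sample userinfo is constructed from the example above; the names (`lookup_headers`, `can_act_in`), the `idp_url` stand-in for {IdP-URL}, and the assumption that catchment codes are hierarchical prefixes are all mine, not stated on the page.

```python
import json
import urllib.error
import urllib.request

# Constructed from the userinfo example above; not a real account.
SAMPLE_USERINFO = {
    "id": 6, "name": "Dr. X Y Z", "email": "xyz@gmail.com",
    "is_active": True, "activated": True, "access_token": "xyz_token",
    "groups": ["MCI Admin", "API Consumer"],
    "profiles": [
        {"type": "provider", "id": "123", "catchment": ["302618", "302614"]},
        {"type": "admin", "id": "2", "catchment": ["3026"]},
        {"type": "facility", "id": "10000069", "catchment": ["302618"]},
        {"type": "patient", "id": "10091232131", "catchment": []},
    ],
}

def lookup_headers(client_id, api_token):
    """The two headers that identify the calling system to the IdP."""
    return {"client_id": client_id, "X-Auth-Token": api_token}

def token_lookup_request(idp_url, access_token, client_id, api_token):
    """Build GET {IdP-URL}/api/1.0/sso/token/{access_token}; idp_url stands in for {IdP-URL}."""
    return urllib.request.Request(f"{idp_url}/api/1.0/sso/token/{access_token}",
                                  headers=lookup_headers(client_id, api_token), method="GET")

def fetch_userinfo(req):
    """Send the lookup; HTTP 401 means the IdP rejected our client_id / X-Auth-Token pair."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 401:
            raise PermissionError("IdP rejected client_id / X-Auth-Token") from exc
        raise

def catchments_for(userinfo, profile_type):
    """Catchment codes granted by every profile of the given type."""
    return [c for p in userinfo.get("profiles", [])
            if p.get("type") == profile_type for c in p.get("catchment", [])]

def can_act_in(userinfo, presented_token, profile_type, target):
    """Check a service provider could apply before accepting e.g. a patient POST.
    Assumption (not on the page): catchment codes are hierarchical prefixes, so "3026" covers "302618"."""
    if not userinfo.get("is_active") or userinfo.get("access_token") != presented_token:
        return False
    return any(target.startswith(code) for code in catchments_for(userinfo, profile_type))
```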