Compared to our previous, fully API-based implementation, the current auth-service version fully supports the OAuth2 PKCE-based authorization flow and therefore consists of a UI (frontend) part that interacts with users and a backend API that interacts with applications (web or mobile). The only supported way to authenticate users is an interactive login; this is why auth-service now contains a UI part.
Note that on the first login attempt against the new version, each user should clear their cache.
Please check the video for the mHealthINX project. To access the APIs, please use https://mhealthinx-backend.medvision360.org/v2/api-docs. Check the bottom of this page if you need help.
We will fix the languages and the Swagger API as soon as possible.
Please check the video for the Agewell projects; for the Swagger JSON use:
Connecting to the MedSafe API from another server API
Connecting to the MedSafe API from another server API. The video also shows how to get data from any of our endpoints and how to find our Swagger documentation.
The OAuth2 specifications can be found here:
OAuth2 RFC (Common): https://tools.ietf.org/html/rfc6749
OAuth2 PKCE RFC: https://tools.ietf.org/html/rfc7636
OAuth2 specification for mobile and SPA applications:
OAuth2 for Native Apps: https://tools.ietf.org/html/rfc8252
Prerequisites:
The application owner should generate a unique application “clientId” by which the application is identified in the OAuth system.
A web application should contain a callback page/URL to catch the data returned by the OAuth2 UI. A mobile application should generate its callback URL according to one of the schemes described in section 7 of the “OAuth2 for Native Apps” specification.
Flow:
1. The user opens the web or mobile application. If the user is not logged in, they can press a button to log in, or the application can start the login process automatically. The application generates a random, unique code_verifier string and remembers it.
2. The user is redirected to the OAuth2 UI web page in the existing browser tab/window, a popup window, or a custom browser tab (in mobile applications). The application sends the following parameters in the query string of the OAuth2 URL:
   redirect_uri – fully-qualified URL of the callback page
   client_id – unique application identifier
   code (code_challenge) – string derived from code_verifier by hashing it according to the following scheme: code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))). See the OAuth2 PKCE RFC for more details.
3. The user enters their credentials (or uses the “Sign in with Google” button if enabled).
4. If enabled: the user goes through the two-factor authentication process.
5. The OAuth2 UI generates a unique authorization code, adds it as the “code” parameter to the callback “redirect_uri” URL and redirects the user back to the application using the callback URL.
6. The application reads the authorization code from the URL.
7. The application sends client_id, redirect_uri (from step 2), code_verifier (from step 1) and authorization_code (from step 5) to the token endpoint of the OAuth2 API.
8. The token endpoint validates the parameters and generates access_token and refresh_token as before.
9. The application performs requests to the API using the existing Authorization: Bearer scheme.
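The client-side steps 1, 2 and 7 and the server-side check in step 8, as an added example in Python (not code from the auth-service itself). The authorization URL, the client_id and the redirect_uri are assumed placeholder values; the query parameter name "code" for the challenge follows the flow above, and the challenge derivation follows RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumed placeholder: the real auth-service UI URL is not given on this page.
AUTH_UI_URL = "https://auth.example.org/oauth2/authorize"


def b64url(data: bytes) -> str:
    """BASE64URL-ENCODE as used by RFC 7636: URL-safe alphabet, no '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Step 1: random high-entropy verifier (32 bytes -> 43 chars; RFC 7636 allows 43-128)."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_url(client_id: str, redirect_uri: str, code_verifier: str) -> str:
    """Step 2: query string sent to the OAuth2 UI; only the challenge leaves the app."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "code": make_code_challenge(code_verifier)}
    return AUTH_UI_URL + "?" + urlencode(params)


def build_token_request(client_id: str, redirect_uri: str,
                        code_verifier: str, authorization_code: str) -> dict:
    """Step 7: body for the token endpoint, field names as listed in the flow."""
    return {"client_id": client_id, "redirect_uri": redirect_uri,
            "code_verifier": code_verifier, "authorization_code": authorization_code}


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Step 8, server side: recompute the challenge from the presented verifier and
    compare in constant time. A mismatch means the authorization code is being
    redeemed by a party that never held the verifier, so no tokens are issued."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return hmac.compare_digest(make_code_challenge(presented_verifier), stored_challenge)
```

The verifier stays in the application's memory between steps 1 and 7; only its hash travels through the browser, which is what makes an intercepted authorization code useless on its own.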
OAuth2 supports only the interactive user login flow. This means every application (web, desktop or mobile) is strongly advised to use the flow described in the “OAuth2 for Native Apps” RFC together with the OAuth2 UI of auth-service.
If you need to avoid interactive login for some reason, your application needs to simulate the functionality of the OAuth2 UI and call the OAuth2 API sign-in endpoints directly with an extended list of parameters (see the Swagger docs for details) instead of performing steps 1-4. After receiving the API response containing the redirect_uri parameter, the application should continue the flow from step 5. Keep in mind that the application then takes over the responsibilities of the OAuth2 UI, including the handling of the sign-in parameters, so this should remain the exception rather than the default.
We have decided to migrate the Admin Panel to MedSafe 2.0. To access the Admin Panel features, please go to the MedSafe 2.0 application. As development of the Admin Panel has not been continued on its own, and because of the introduction of OAuth2, it can no longer be accessed using the Admin Panel link.
As said, all Admin Panel features can now be found within MedSafe 2.0. However, we are still in the process of moving the visual Swagger API description to fully complete the Admin Panel migration. If you need to reference the Swagger API, please do it manually by adding /v2/api-docs to the end of the URL of the service you want to inspect. Then open the full URL in the browser or paste it into https://editor.swagger.io/ for full visual support.