Use ITI-103 to configure IUA

Part of #176
i4mi · Sep 6, 2024 · 28dc403 · 28dc403
1 parent 2e4230e
commit 28dc403
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 8 deletions.
diff --git a/angular/src/app/fhirConfig.service.ts b/angular/src/app/fhirConfig.service.ts
@@ -69,6 +69,20 @@ export class FhirConfigService {
     return new FhirClient({ baseUrl: this.getMobileAccessGatewayService() });
   }
 
+  async getAuthCodeFlowConfigFromMetadata(metadataUrl: string): Promise<AuthConfig> {
+    const metadata = await fetch(metadataUrl).then(r => r.json());
+    console.log(metadata);
+    return {
+      loginUrl: metadata.authorization_endpoint,
+      tokenEndpoint: metadata.token_endpoint,
+      clientId: this.getClientSecret(),
+      redirectUri: location.origin + location.pathname,
+      responseType: 'code',
+      showDebugInformation: true,
+      timeoutFactor: 0.75,
+    } as AuthConfig;
+  }
+
   getAuthCodeFlowConfig(provider: string): AuthConfig {
     const idpAlias = provider ? ("/alias/" + provider) : "";
     return {

diff --git a/angular/src/app/mag/mag.component.ts b/angular/src/app/mag/mag.component.ts
@@ -567,24 +567,26 @@ export class MagComponent implements OnInit {
       });
   }
 
-  onAuthenticate() {
+  async onAuthenticate() {
     this.cache();
     this.scopes = null;
-    const authCodeFlowConfig = this.fhirConfigService.getAuthCodeFlowConfig(this.provider.value);
+    const authCodeFlowConfig = await this.fhirConfigService.getAuthCodeFlowConfigFromMetadata('https://ehealthsuisse.ihe-europe.net/iua-simulator/rest/ch/.well-known');
+    console.log(authCodeFlowConfig);
+    authCodeFlowConfig.scope = `person_id=${this.targetIdentifier2Value}^^^&2.16.756.5.30.1.127.3.10.3&ISO purpose_of_use=urn:oid:2.16.756.5.30.1.127.3.10.5|NORM subject_role=urn:oid:2.16.756.5.30.1.127.3.10.6|`;
     if (this.authenticate.value === 'HCP') {
-      authCodeFlowConfig.scope = `person_id=${this.targetIdentifier2Value}^^^&2.16.756.5.30.1.127.3.10.3&ISO purpose_of_use=urn:oid:2.16.756.5.30.1.127.3.10.5|NORM subject_role=urn:oid:2.16.756.5.30.1.127.3.10.6|HCP`;
+      authCodeFlowConfig.scope += `HCP`;
       localStorage.setItem(this.LS_OAUTH_CONF_KEY, JSON.stringify(authCodeFlowConfig));
       this.oauthService.configure(authCodeFlowConfig);
       this.oauthService.initCodeFlow();
-    }
-    if (this.authenticate.value === 'Patient') {
-      authCodeFlowConfig.scope = `person_id=${this.targetIdentifier2Value}^^^&2.16.756.5.30.1.127.3.10.3&ISO purpose_of_use=urn:oid:2.16.756.5.30.1.127.3.10.5|NORM subject_role=urn:oid:2.16.756.5.30.1.127.3.10.6|PAT`;
+    } else if (this.authenticate.value === 'Patient') {
+      authCodeFlowConfig.scope += `PAT`;
       localStorage.setItem(this.LS_OAUTH_CONF_KEY, JSON.stringify(authCodeFlowConfig));
       this.oauthService.configure(authCodeFlowConfig);
       this.oauthService.initCodeFlow();
-    }
-    if (this.authenticate.value === 'TCU') {
+    } else if (this.authenticate.value === 'TCU') {
       this.getSamlToken().then((value) => (this.json = value));
+    } else {
+      console.error("Unknown authentication type");
     }
   }