Project - Hybrid App with Image Processing

@yashrajbothra @stu01509
What you think about a video call with mentors who helped us in achieving this feat.

2 Likes

Sounds Amazing :smiley: Eitherway we can join weekly zoom call this saturday :slight_smile:

3 Likes

Sound great, If mentors needed video call, I can participant :slight_smile:

1 Like

@brady.miller I am planning to build a stable version by end of this week and based on the app features i do need a login API for patients too but i am not sure if an API is available and if it’s what kind of data a patient have access to.

hi @im-Amitto , I’ve been putting some thought into adding patient support to the current API. Considering adding another route (api/fhir/portal) that would support calls by patients. It would follow same login/permissions as current patient portal. It will force us to encapsulate the current patient portal authentication steps, which is something I’ve wanted to do for awhile (such as was done for the core/api auth in src/Common/Auth/AuthUtils.php awhile back). Plan to play around with this idea over next week or so.

2 Likes

Here very soon i’m going to be adding new authentication flows to openemr.
Plan is to support OpenId Connect, Password and Client grants types.
Will add roles to login such as:

  • Server
  • Patient
  • User
  • API
  • Application

OpenEMR will provide our own Auth provider for security and MFA. Luckily our current ACL engine gives us a good start.

Further discussion will be here: Authentication Improvements
Please jump in…

Hi,
if you’re referring to phpGACL library, I think it should be removed entirely
it is an abandoned project since 2006.
Why build the future of openemr on a dead thing?

Project may be dead but code is not. ACL if perfectly fine where we maintain the project.
I looked at replacing this several years back and decided umm, not me!:slight_smile:

However, if you want to take a shot at it, okay.

@zerai
Oh, a side note. I test integrated your composer modules farm awhile back and found it very useful.(just a couple integration issues)
I’d still like to see it brought into OpenEMR if you’d be willing to do the PR

If the problem is “human resource,” I’m with you, leave the library inside openemr.
But you should consider that “security” is the fastest sector/area in IT, it evolves on a daily basis, every year there is a new standard, openemr maintainers are able (in human cost terms) to follow that velocity? I hope, but it’s hard to believe because you need a working person only and exclusively for that.

In a few words, when you or Brady update the library code is for application need (login system, or other things). There is no update t external reasons like IT security standard OSWAP or other standards, new threats.

In the long term, the effort to integrate new security&auth features (stateless, OAuth, openId, ecc…) on old and not maintained library with bug is much bigger than a replacement with a well modern and maintained sec. Library. IMHO (pay the cost once VS pay forever)

Check the result on sonarcloud there are a couple versions of openemr, see the warning/stats/score in the security area.

(Sorry for typos, English is not my language)

I can give you admin auth for update or if you want move the repo…

@sjpadgett ,
I was gonna play around with making a new api route table (and other pieces) portal akin to api/fhir for support of a patient specific api. Does that make sense? Shouldn’t step on what your doing and there’s a good chance my work may end up in the wastebasket anyways :slight_smile:

Let me know if i can help in some way :slight_smile:

1 Like

Your English is great. My understanding is that English is the hardest second language to learn! lol, i’m still learning as first language…

I get your point though and I would never be opposed if somebody wanted to tackle the issue. However just now, I don’t have the energy. In the end, I may not even use our current ACL or decide to go a different way concerning permissions.

Thanks for input.

Ya missed my hint hint there.:slight_smile:
Anyway, I have the source and now you’ve given approval, i’ll integrate when I get back on modules.
I still need to adopt additional module install scheme besides composer installs.
For normal day to day users, composer installs are proving cumbersome.

Hi Brady,
You’re fine. I just wanted to let folks know we’re working new authentications to support mobile and especially FHIR.

2 Likes

@sjpadgett and @im-Amitto ,
Took a stab at the patient portal api:

1 Like

Patient portal rest api is now in the codebase :slight_smile:

Great

1 Like

@im-Amitto , Are you using the online demos to connect to or a local instance? I am pretty sure I’ll need to make a couple adjustments to the demo data to support connections (without the demo patient needing to login to the portal and verify). Just let me know and I can work on adding that.

I’m using a local instance.

1 Like