Project - Hybrid App with Image Processing

Hi @brady.miller @sjpadgett @im-Amitto,

As far as standards and existing solutions go, OpenID Connect is a popular standard to use for authentication and authorization, whether it’s for a browser, mobile client, or desktop client.

OpenID Connect builds on the OAuth2 authorization standard to provide both authentication and authorization. OAuth2 does a great job of supporting authorization by allowing a user to grant or revoke an app’s access to his/her data. OpenID “sits on top of OAuth2” and provides an authentication workflow. The value is that you can handle authorization AND authentication in a uniform fashion using the same framework.

The current “best practice” for mobile applications is to use a Proof Key for Code Exchange (PKCE) workflow.

This article provides a walkthrough of wiring up an Android app to use a framework called AppAuth, which is a “best” practices implementation of OpenID Connect and OAuth2. It may be helpful to review this article along with some content from Auth0 and Okta to see how other folks are handling this use-case.

To Brady’s point, OpenEMR will need to store some type of identifier/metadata to support this. If an OpenID Connect compliant solution can be implemented, OpenEMR will have a secure and “industry standard” means of authenticating mobile apps.

2 Likes

@brady.miller
How should I progress on this?

Hi @im-Amitto, for now, would store the credentials in the app (and grab a new token whenever the current one expires); not ideal, but then you can keep working on the app. Then can figure out best course of action in regards to @dixonwhitmire's very nice pointers after @sjpadgett weighs in on this.

Would it be too hard to interface with the database? In this case it would be best to use MySQL. How about thinking about the future?
I am interested in getting OpenEMR to work with MySQL 8. As soon as I am able to get it up and running.
Right now I am fighting with a blank screen.
Sandra

OK, I will just store the credentials for now :slight_smile:

1 Like

I would like to help you fix the blank screen, but can you provide me with a few more details?

1 Like

Yes please. But I will create a new thread.

Just to add... if the OpenEMR community does take on implementing OpenID/OAuth2 down the line, it may be best to factor out that functionality into a separate project to keep things modular. If the solution is deemed to be too heavy a lift, there may be a viable and secure alternative in the Android/mobile ecosystem. Unfortunately I don’t work in the mobile space so I don’t have firsthand experience with the solutions.

That’s the right thing to do :sunny:

1 Like

Hi, here is the new thread:

Thanks a lot
Sandra

@brady.miller @sjpadgett @stephenwaite @RachelEllison
Check this out. It’s just a first step toward OCR support. For now I am planning to use it for reading medicine names, but it can be used in many other places. Also, I have just completed the chat UI; currently it’s missing the backend, so not posting it for now.
Language: Go

2 Likes

@brady.miller @sjpadgett @stephenwaite @RachelEllison
A New update:
Heartbeat monitor. It’s ready to use, but I will update it for better accuracy.

@yashrajbothra @stu01509
What do you think about a video call with the mentors who helped us in achieving this feat?

2 Likes

Sounds amazing :smiley: Either way, we can join the weekly Zoom call this Saturday :slight_smile:

3 Likes

Sounds great. If mentors need a video call, I can participate :slight_smile:

1 Like

@brady.miller I am planning to build a stable version by the end of this week, and based on the app features I do need a login API for patients too, but I am not sure if an API is available and, if it is, what kind of data a patient has access to.

Hi @im-Amitto, I’ve been putting some thought into adding patient support to the current API. Considering adding another route (api/fhir/portal) that would support calls by patients. It would follow the same login/permissions as the current patient portal. It will force us to encapsulate the current patient portal authentication steps, which is something I’ve wanted to do for a while (such as was done for the core/api auth in src/Common/Auth/AuthUtils.php a while back). Plan to play around with this idea over the next week or so.

2 Likes

Here very soon I’m going to be adding new authentication flows to OpenEMR.
Plan is to support OpenID Connect, Password and Client grant types.
Will add roles to login such as:

  • Server
  • Patient
  • User
  • API
  • Application

OpenEMR will provide our own Auth provider for security and MFA. Luckily our current ACL engine gives us a good start.

Further discussion will be here: Authentication Improvements
Please jump in…

Hi,
If you’re referring to the phpGACL library, I think it should be removed entirely.
It has been an abandoned project since 2006.
Why build the future of OpenEMR on a dead thing?

Project may be dead but code is not. ACL is perfectly fine where we maintain the project.
I looked at replacing this several years back and decided umm, not me! :slight_smile:

However, if you want to take a shot at it, okay.

@zerai
Oh, a side note. I test integrated your Composer modules farm a while back and found it very useful (just a couple of integration issues).
I’d still like to see it brought into OpenEMR if you’d be willing to do the PR.