The authentication service takes care of authenticating clients within the MEDrecord platform and allows other services to check the identity of a client making a request.
When a user is successfully identified by the authentication service, it provides the user with a token. This token is a digitally signed JSON Web Token (JWT) which must be passed with every request made to a service within the MEDrecord platform.
JWTs for MedRecord are issued by the AUTH service and can be obtained after successful authentication.
A JWT can be obtained through one of the following methods:
When a valid JWT is obtained, it needs to be passed with every API call to the MedRecord services. The JWT can be passed using:
A JWT contains information about the user which can be decoded freely by anyone who has access to the JWT. The JWT can also be used by third-party services to validate the identity of the caller by verifying its signature with the public key provided by the AUTH service.
The JWT currently contains the following information:
The development servers have a special backdoor account enabled for quickly testing APIs. To use this backdoor account, the special JWT token helloletmeinplease must be used.
When the service sees this special token, the request is authenticated using and
Trusted third-party services which act on behalf of many users must use SSL client certificates to authenticate themselves. In this mode, the third-party service is responsible for authenticating the user and enforcing any access restrictions.