GithubHelp home page GithubHelp logo

barabo / smart-launcher Goto Github PK

View Code? Open in Web Editor NEW

This project forked from smart-on-fhir/smart-launcher

1.0 2.0 0.0 13.89 MB

Launcher for SMART apps

License: Other

JavaScript 64.17% HTML 29.43% CSS 2.09% TypeScript 4.06% Dockerfile 0.24%

smart-launcher's Introduction

SMART/FHIR proxy server and app launcher

Launcher for SMART apps

OIDC Keys generation

To generate new private and public keys make sure you have openssl (comes pre-installed with the Mac), cd to the project root and execute:

npm run cert

Then re-start the server and it will use the new keys.

OIDC Token verification

If you want to verify the tokens follow this procedure:

  1. Point your server to /.well-known/openid-configuration/. This should render a JSON with a link to another file like this:
{
    "jwks_uri": "http://localhost:8443/keys"
}
  1. Follow that link and it should return an array with one or more JWK keys like this:
{
    "keys": [
        {
            "alg": "RS256",
            "kid": "9c37bf73343adb93920a7ae80260b0e57684551e",
            "use": "sig",
            "kty": "RSA",
            // ...
        }
    ]
}
  1. Use the first key and extract the public key out of it. To do so, you can use tools like https://github.com/Brightspace/node-jwk-to-pem. Something like this would be the basic example:
const JWK_KEY = getJwkKeySomehow(); // as described above
const ID_TOKEN = getIdTokenSomehow();
try {
    jwt.verify(ID_TOKEN, jwkToPem(JWK_KEY), { algorithms: ["RS256"] });
} catch (ex) {
    // Cannot verify the token...
}

Libraries like https://www.npmjs.com/package/jwks-rsa can be used to automate this process.

Notes about jwt.io

People often use https://jwt.io/ to generate and validate tokens. However, it seems that the RS256 signature verification feature expects you to paste x.509 formatted public key or certificate and does not work with PEM-encoded PKCS#1 public keys. For that reason, if you want to manually verify your token at https://jwt.io/, you will need to provide the original x.509 version of the public key that you can find at the /public_key endpoint of the server.

Using Docker

docker run -t -p 9009:80 smartonfhir/smart-launcher:latest

smart-launcher's People

Contributors

barabo avatar davidvaccaro avatar dependabot[bot] avatar gotdan avatar holmesie avatar james-ingold avatar jmandel avatar kherock avatar vlad-ignatov avatar

Stargazers

 avatar

Watchers

 avatar  avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.