SMARTlaunch.html
<!DOCTYPE html>
<html>
<head>
<title>Simple Auth App - Launch</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
</head>
<body>
Sandbox performing SMART launch authentication...
<script>
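// Change this to the ID of the client that you registered with the SMART on FHIR authorization server.
var clientId = "16cbfe7c-6c56-4876-944f-534f9306bf8b";

// For demonstration purposes, if you registered a confidential client
// you can enter its secret here. The demo app will pretend it's a confidential
// app (in reality it cannot be confidential, since it cannot keep secrets in the
// browser).
// NOTE: the value is also written to sessionStorage further down, where every
// script running on this origin can read it.
var secret = null; // set me, if confidential

// These parameters will be received at launch time in the URL.
// Both are untrusted input. "iss" decides which server this page fetches
// metadata from and, through that metadata, where the browser is redirected;
// a deployed app should compare it with the FHIR servers it is registered
// with before using it.
var serviceUri = getUrlParameter("iss");
var launchContextId = getUrlParameter("launch");

// The scopes that the app will request from the authorization server
// encoded in a space-separated string:
//      1. permission to read all of the patient's record
//      2. permission to launch the app in the specific context
var scope = [
    "patient/*.read",
    "launch"
].join(" ");

// Generate the OAuth "state" value. It ties the authorization response to this
// browser session and doubles as the sessionStorage key, so it has to be
// unguessable: it is drawn from the browser's CSPRNG (128 bits, hex-encoded)
// rather than from Math.random().
var state = (function () {
    var words = new Uint32Array(4);
    window.crypto.getRandomValues(words);
    return Array.prototype.map.call(words, function (word) {
        return ("00000000" + word.toString(16)).slice(-8);
    }).join("");
}());

// To keep things flexible, let's construct the launch URL by taking the base of the
// current URL and replace "launch.html" with "index.html".
var launchUri = window.location.protocol + "//" + window.location.host + window.location.pathname;
var redirectUri = launchUri.replace("launch.html","index.html");

// FHIR Service Conformance Statement URL
var conformanceUri = serviceUri + "/metadata";

// Let's request the conformance statement from the SMART on FHIR API server and
// find out the endpoint URLs for the authorization server
$.get(conformanceUri, function(r){

    var authUri,
        tokenUri;

    // Walk the document defensively: it is served by whatever host "iss" named.
    var rest = (r && r.rest && r.rest[0]) || {};
    var securityExtensions = (rest.security && rest.security.extension) || [];
    var smartExtension = securityExtensions.filter(function (e) {
        return (e.url === "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris");
    });
    var oauthUris = (smartExtension[0] && smartExtension[0].extension) || [];

    oauthUris.forEach(function(arg){
        if (arg.url === "authorize") {
            authUri = arg.valueUri;
        } else if (arg.url === "token") {
            tokenUri = arg.valueUri;
        }
    });

    // Only absolute http(s) endpoints may reach location.href or be stored for
    // the token request. A missing value or any other scheme (for example
    // "javascript:") stops the launch here instead of being navigated to.
    var httpUrl = /^https?:\/\//i;
    if (!httpUrl.test(authUri) || !httpUrl.test(tokenUri)) {
        throw new Error("Conformance statement does not advertise usable OAuth authorize/token endpoints");
    }

    // retain a couple parameters in the session for later use
    sessionStorage[state] = JSON.stringify({
        clientId: clientId,
        secret: secret,
        serviceUri: serviceUri,
        redirectUri: redirectUri,
        tokenUri: tokenUri
    });

    // finally, redirect the browser to the authorization server and pass the needed
    // parameters for the authorization request in the URL. Every value is
    // percent-encoded, including "launch", which arrives from the launch URL
    // and could otherwise append extra parameters to the request.
    var separator = authUri.indexOf("?") === -1 ? "?" : "&";
    window.location.href = authUri + separator +
        "response_type=code&" +
        "client_id=" + encodeURIComponent(clientId) + "&" +
        "scope=" + encodeURIComponent(scope) + "&" +
        "redirect_uri=" + encodeURIComponent(redirectUri) + "&" +
        "aud=" + encodeURIComponent(serviceUri) + "&" +
        "launch=" + encodeURIComponent(launchContextId) + "&" +
        "state=" + encodeURIComponent(state);
}, "json");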
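// Convenience function for parsing of URL parameters
// based on http://www.jquerybyexample.net/2012/06/get-url-parameters-using-jquery.html
//
// Returns the decoded value of the first query-string parameter named sParam,
// "" when the parameter is present without a value, and undefined when it is
// absent. decodeURIComponent throws URIError on malformed percent-encoding.
// The result comes straight from the address bar, so callers must treat it as
// untrusted input.
function getUrlParameter(sParam)
{
    var query = window.location.search.substring(1);
    var pairs = query.split('&');
    for (var i = 0; i < pairs.length; i++)
    {
        // Split on the first "=" only, so a value that itself contains "="
        // (base64 padding, for instance) is returned whole.
        var eq = pairs[i].indexOf('=');
        var name = eq === -1 ? pairs[i] : pairs[i].substring(0, eq);
        if (name === sParam) {
            var raw = eq === -1 ? '' : pairs[i].substring(eq + 1);
            // "+" stands for a space in form-encoded query strings.
            return decodeURIComponent(raw.replace(/\+/g, '%20'));
        }
    }
}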
</script>
</body>
</html>