Update readme
vlad-ignatov committed Jun 24, 2021
1 parent 92d4fd8 commit e13e49f
80 changes: 43 additions & 37 deletions README.md
@@ -1,48 +1,54 @@
# SMART/FHIR proxy server and app launcher
Launcher for SMART apps

## OIDC Keys generation
To generate new private and public keys make sure you have `openssl` (comes pre-installed with the Mac), `cd` to the project root and execute:
## Installation
Make sure you have `Git` and `NodeJS` 16 or higher, and then run:
```sh
git clone https://github.com/smart-on-fhir/smart-launcher.git
cd smart-launcher
npm i
```

## Usage

You can use existing NPM scripts from within the project folder for common tasks:
### Start the server
```sh
npm start
```
Note that this will fail until you create a `.env` file with some required settings. Minimal example (only the required settings):
```
FHIR_SERVER_R2="https://r2.smarthealthit.org"
FHIR_SERVER_R3="https://r3.smarthealthit.org"
FHIR_SERVER_R4="https://r4.smarthealthit.org"
PICKER_CONFIG_R2="r2"
PICKER_CONFIG_R3="r3"
PICKER_CONFIG_R4="r4"
```

### Test
To run the tests execute
```sh
npm test

# or this to also generate a coverage report
npm run test:cover
```

### Develop
If you want to modify something run
```sh
npm run dev
```
This will watch for changes and restart the server automatically. It will also run the tests on every change.

### OIDC Keys generation
To generate new private and public keys make sure you have `openssl` (comes pre-installed on Mac), `cd` to the project root and execute:
```sh
npm run cert
```
Then re-start the server and it will use the new keys.

## OIDC Token verification
If you want to verify the tokens follow this procedure:
1. Point your server to `/.well-known/openid-configuration/`. This should render a JSON with a link to another file like this:
```json
{
"jwks_uri": "http://localhost:8443/keys"
}
```
2. Follow that link and it should return an array with one or more JWK keys like this:
```js
{
"keys": [
{
"alg": "RS256",
"kid": "9c37bf73343adb93920a7ae80260b0e57684551e",
"use": "sig",
"kty": "RSA",
// ...
}
]
}
```

3. Use the first key and extract the public key out of it. To do so, you can use tools like https://github.com/Brightspace/node-jwk-to-pem. Something like this would be the basic example:
```js
const JWK_KEY = getJwkKeySomehow(); // as described above
const ID_TOKEN = getIdTokenSomehow();
try {
jwt.verify(ID_TOKEN, jwkToPem(JWK_KEY), { algorithms: ["RS256"] });
} catch (ex) {
// Cannot verify the token...
}
```
Libraries like https://www.npmjs.com/package/jwks-rsa can be used to automate this process.

### Notes about jwt.io
People often use https://jwt.io/ to generate and validate tokens. However, it seems that the RS256 signature verification feature expects you to paste `x.509` formatted public key or certificate and does not work with PEM-encoded PKCS#1 public keys. For that reason, if you want to manually verify your token at https://jwt.io/, you will need to provide the original x.509 version of the public key that you can find at the `/public_key` endpoint of the server.
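Review bot: In step 3 of "OIDC Token verification", "Use the first key" is the wrong selection rule: the JWKS response in step 2 is an array in which every entry carries a `kid`, so the verifier should read the `kid` from the ID token's header and pick the matching entry from `keys`, otherwise verification silently fails as soon as the server has more than one key (for example right after `npm run cert` while an older key is still listed). The `jwt.verify(ID_TOKEN, jwkToPem(JWK_KEY), { algorithms: ["RS256"] })` call correctly pins the algorithm, but the doc should also tell readers to pass expected `issuer` and `audience` values in that options object, since a valid signature alone does not prove the token was issued by this launcher for this client. Two smaller points: the snippet uses `jwt` and `jwkToPem` without showing the `require` lines for the libraries (jwk-to-pem is linked just above, the JWT library is not named anywhere), and the `.env` section under "Start the server" would be easier to follow with a committed `.env.example` containing the six required settings rather than relying on the README's inline copy.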


0 comments on commit e13e49f
