FHIR Implementation Guides
Authentication Tutorial

Basic Auth

The simplest way to interact with Aidbox API from your confidential (backend) code is a Basic Auth
To start you have to register in Aidbox Auth Client with secret and basic flow enabled in this form:
Auth Client form
PUT Client/basic
Let's create AccessPolicy for this Client
PUT AcessPolicy/basic-policy
GET /Patient

Client Credentials Flow

Client get access by OAuth 2.0 Client Credentials flow
To start you have to register in Aidbox OAuth Client with secret and client_credentials flow enabled
OAuth Client form
Before you start - create a Client
And policy for this client

When you have a token!

Now using this access token we can query Aidbox

Resource Owner Flow

This flow works for mobile and desktop apps.
Before you start - create a Client and User

When you have a token!

Now using this access token we can query Aidbox

Authorization Code Flown

This flow works for web and single page apps
Before you start - create a Client and User
Now we have to go to authorize endpoint to get code

When you have a token!

Now using this access token we can query Aidbox

Implicit Flow

This flow works for single page apps. Before you start - create a Client
Now we have to go to authorize endpoint to get code

When you have a token!

Now using this access token we can query Aidbox

JWT Auth

If you use external server, which provides you with JWT access token - you can configure Aidbox to trust this JWT token and act as Resource Server
You can use for example this app to generate test JWT
First of all you have to register TokenIntrospector in Aidbox

SMART on FHIR Flow

When you have a token!

Now using this access token we can query Aidbox