Authentication Tutorial

Basic Auth
The simplest way to interact with Aidbox API from your confidential (backend) code is a Basic Auth
To start you have to register in Aidbox Auth Client with secret and basic flow enabled in this form:
Auth Client form
PUT Client/basic
Let's create AccessPolicy for this Client
PUT AcessPolicy/basic-policy
GET /Patient
Client Credentials Flow
Client get access by OAuth 2.0 Client Credentials flow
To start you have to register in Aidbox OAuth Client with secret and client_credentials flow enabled
OAuth Client form
Before you start - create a Client
And policy for this client
When you have a token!
Now using this access token we can query Aidbox
Resource Owner Flow
This flow works for mobile and desktop apps.
Before you start - create a Client and User
When you have a token!
Now using this access token we can query Aidbox
Authorization Code Flown
This flow works for web and single page apps
Before you start - create a Client and User
Now we have to go to authorize endpoint to get code
/auth/authorize?client_id=web-app&response_type=code
When you have a token!
Now using this access token we can query Aidbox
Implicit Flow
This flow works for single page apps. Before you start - create a Client
Now we have to go to authorize endpoint to get code
/auth/authorize?client_id=web-app&response_type=code
When you have a token!
Now using this access token we can query Aidbox
JWT Auth
If you use external server, which provides you with JWT access token - you can configure Aidbox to trust this JWT token and act as Resource Server
You can use for example this app to generate test JWT__
First of all you have to register TokenIntrospector in Aidbox
SMART on FHIR Flow
When you have a token!
Now using this access token we can query Aidbox

Last modified 2mo ago