Skip to content
Launcher for SMART apps
JavaScript HTML TypeScript CSS Dockerfile
Branch: master
Clone or download
Vladimir Ignatov
Vladimir Ignatov Added GitHub link
Latest commit 2ec9636 Aug 5, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Initial commit Apr 12, 2018
.vscode small fixes Feb 5, 2019
env #15 Jun 19, 2019
src Merge pull request #22 from Juxly/feature/includeEtagAndLocationHeaders Aug 5, 2019
static Added GitHub link Aug 5, 2019
test #13 Jun 20, 2019
tests Initial commit Apr 12, 2018
.dockerignore Added dockerignore file May 8, 2018
.gitignore Small fixes Feb 5, 2019
.nvmrc Updates for r4 #15 Jun 4, 2019
Dockerfile #15 Jun 19, 2019
LICENSE Add license May 16, 2018
README.md Added Dockerfile May 8, 2018
benchmark.js Fixes #10 Feb 19, 2019
cert.csr Initial commit Apr 12, 2018
nightwatch.conf.js Initial commit Apr 12, 2018
package-lock.json Build correct auth paths #11 Feb 5, 2019
package.json Build correct auth paths #11 Feb 5, 2019
private-key.pem Initial commit Apr 12, 2018
public-key.pem Initial commit Apr 12, 2018
selenium-download.js Initial commit Apr 12, 2018

README.md

SMART/FHIR proxy server and app launcher

Launcher for SMART apps

OIDC Keys generation

To generate new private and public keys make sure you have openssl (comes pre-installed with the Mac), cd to the project root and execute:

npm run cert

Then re-start the server and it will use the new keys.

OIDC Token verification

If you want to verify the tokens follow this procedure:

  1. Point your server to /.well-known/openid-configuration/. This should render a JSON with a link to another file like this:
{
    "jwks_uri": "http://localhost:8443/keys"
}
  1. Follow that link and it should return an array with one or more JWK keys like this:
{
    "keys": [
        {
            "alg": "RS256",
            "kid": "9c37bf73343adb93920a7ae80260b0e57684551e",
            "use": "sig",
            "kty": "RSA",
            // ...
        }
    ]
}
  1. Use the first key and extract the public key out of it. To do so, you can use tools like https://github.com/Brightspace/node-jwk-to-pem. Something like this would be the basic example:
const JWK_KEY = getJwkKeySomehow(); // as described above
const ID_TOKEN = getIdTokenSomehow();
try {
    jwt.verify(ID_TOKEN, jwkToPem(JWK_KEY), { algorithms: ["RS256"] });
} catch (ex) {
    // Cannot verify the token...
}

Libraries like https://www.npmjs.com/package/jwks-rsa can be used to automate this process.

Notes about jwt.io

People often use https://jwt.io/ to generate and validate tokens. However, it seems that the RS256 signature verification feature expects you to paste x.509 formatted public key or certificate and does not work with PEM-encoded PKCS#1 public keys. For that reason, if you want to manually verify your token at https://jwt.io/, you will need to provide the original x.509 version of the public key that you can find at the /public_key endpoint of the server.

Using Docker

docker run -t -p 9009:80 smartonfhir/smart-launcher:latest
You can’t perform that action at this time.