Authentication Documentation

Welcome to the Medbackend Authentication documentation! This guide covers all aspects of authentication and authorization in Medbackend, from supported authentication systems to client requests and device authentication.

  1. Authentication Architecture

    • Overview of security components
    • JWT validation workflow
    • RBAC engine structure
    • Compartment validators reference
    • Query handler security
    • Settings configuration
  2. Client Request Guide

    • Client identity resolution
    • Minimal configuration requirements
    • Making authenticated requests
    • Common request patterns
    • Required headers
    • Identity management approach
    • Supported roles in Medbackend
  3. Supported Authentication Systems

    • Azure AD B2C integration
    • FHIR identity mapping configuration
    • B2C portal setup steps
    • FHIR claim mapping examples
    • Troubleshooting guide
  4. Device Authentication

    • Device authentication overview
    • Configuration requirements
    • Authentication flow
    • Token properties
    • FHIR integration
    • Security considerations
    • Implementation notes
  5. FHIR Server Authentication

    • Development environment setup
    • Deployment environment configuration
    • Azure Identity protocol integration
    • Role assignment procedures
    • Azure CLI authentication
    • Managed identity usage

Quick Start

  1. Review the Authentication Architecture to understand the overall security model
  2. Follow the Client Request Guide to set up client authentication
  3. Check Supported Authentication Systems to understand available authentication options
  4. If you're working with medical devices, check Device Authentication
  5. Configure FHIR server access using FHIR Server Authentication

Authentication Types

Medbackend supports multiple authentication methods:

  • Azure AD B2C: For user authentication and identity management
  • Device Authentication: For medical devices and systems
  • FHIR Server Authentication: For backend communication with FHIR servers

Security Best Practices

  • Keep authentication secrets secure
  • Use environment variables for sensitive data
  • Regularly rotate API keys and tokens
  • Implement appropriate token expiry times
  • Follow the principle of least privilege for role assignments

Additional Resources

Support

If you need help with authentication:

  • Review the troubleshooting sections in each document
  • Check the example configurations
  • Contact the development team for specific issues