Project Configuration Guide

Core Configuration Template

{
  "hostname": "localhost:8000", // Development environment
  "auth": {
    "systems": [
      {
        "type": "oauth",
        "parameters": {
          "jwks_uri": "https://<tenant-name>.b2clogin.com/<tenant-id>/<policy-name>/discovery/v2.0/keys",
          "issuer": "https://<tenant-name>.b2clogin.com/<tenant-id>/v2.0/"
        }
      }
    ]
  },
  "fhir": {
    "base_url": "https://<workspace>-<environment>.fhir.azurehealthcareapis.com"
  },
  "rbac": {
    "default_access": "Forbidden",
    "validation_rules": []
  }
}

Configuration Deep Dive

1. Authentication System

Azure AD B2C Setup Example:

# Get B2C policy endpoints
az ad b2c policy show --name B2C_1_signup_signin --query "metadata.jwks_uri"
az ad b2c policy show --name B2C_1_signup_signin --query "metadata.issuer"

Live Configuration Sample:

"auth": {
  "systems": [{
    "type": "oauth",
    "parameters": {
      "jwks_uri": "https://medb2c.b2clogin.com/abcd1234/v2.0/.well-known/keys?p=b2c_1a_signup_signin",
      "issuer": "https://medb2c.b2clogin.com/abcd1234/v2.0/",
      "audience": "app-registration-guid-here"
    }
  }]
}

2. FHIR Server Configuration

Validation Command:

curl -X GET "${FHIR_BASE_URL}/metadata" | jq .fhirVersion

3. RBAC Configuration

Basic Rule Example:

"rbac": {
  "default_access": "Allow",
  "validation_rules": [
    {
      "client_role": "Patient",
      "entity_name": "Patient",
      "operation": "create",
      "validator": "patient_compartment"
    }
  ]
}

Extended Configuration Options

Device Authentication

"device_auth": {
  "valid_keys": {
    "{DEVICE-NAME}": "base64-encoded-secure-key",
    "{DEVICE-NAME}": "another-base64-key"
  },
  "jwt_secret": "${DEVICE_JWT_SECRET}", // From environment variable
  "token_lifetime": 3600
}

Storage Configuration

"storage": {
  "connection_string": "DefaultEndpointsProtocol=https;AccountName=..."
}

Security Best Practices

  1. Secret Management:
     "device_auth": {
       "jwt_secret": "$KEY_VAULT{med-secrets/device-jwt-key}"
     }

Using Azure Key Vault reference

  1. Expected successful output:
✅ Valid configuration structure
✔ Verified FHIR server connection
✔ Verified 1 authentication system
⚠ Warning: No storage configuration found
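
A pre-deployment check for the security-relevant settings covered in this guide, as an added example (it is not the project's own validator). It assumes that Forbidden, as in the core template, is the intended default_access and that ${VAR} and $KEY_VAULT{...} are the accepted secret-reference forms; audit_config, its finding strings and the sample configuration are constructed for illustration.

```python
import json
import re

# Assumption: "${VAR}" and "$KEY_VAULT{vault/secret}" (the two forms shown on
# this page) are the only ways to reference a secret instead of inlining it.
SECRET_REF = re.compile(r"^\$(KEY_VAULT)?\{[^{}]+\}$")
PLACEHOLDER = re.compile(r"<[^<>]+>")  # unfilled template value, e.g. <tenant-id>


def audit_config(text):
    """Return a list of findings for a configuration given as JSON text."""
    try:
        cfg = json.loads(text)  # strict: comments and trailing commas fail
    except json.JSONDecodeError as exc:
        return [f"syntax: {exc.msg} (line {exc.lineno})"]
    findings = []
    if cfg.get("rbac", {}).get("default_access") != "Forbidden":
        findings.append("rbac.default_access is not 'Forbidden'")
    for i, system in enumerate(cfg.get("auth", {}).get("systems", [])):
        params = system.get("parameters", {})
        for key in ("jwks_uri", "issuer"):
            value = str(params.get(key, ""))
            if not value.startswith("https://"):
                findings.append(f"auth.systems[{i}].{key} is not an https URL")
            elif PLACEHOLDER.search(value):
                findings.append(f"auth.systems[{i}].{key} has an unfilled placeholder")
        if not params.get("audience"):
            findings.append(f"auth.systems[{i}] has no audience")
    secret = cfg.get("device_auth", {}).get("jwt_secret")
    if secret is not None and not SECRET_REF.match(str(secret)):
        findings.append("device_auth.jwt_secret is an inline value")
    conn = str(cfg.get("storage", {}).get("connection_string", ""))
    if "AccountKey=" in conn:
        findings.append("storage.connection_string embeds an account key")
    return findings


# Constructed sample, not a real deployment.
SAMPLE = """{
  "auth": {"systems": [{"type": "oauth", "parameters": {
    "jwks_uri": "https://example.b2clogin.com/<tenant-id>/discovery/v2.0/keys",
    "issuer": "http://example.b2clogin.com/tenant/v2.0/"}}]},
  "rbac": {"default_access": "Allow", "validation_rules": []},
  "device_auth": {"jwt_secret": "c2VjcmV0", "token_lifetime": 3600}
}"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print("FINDING:", finding)
```

Because the parser is strict JSON, a file that still carries // comments or a trailing comma is reported as a single syntax finding before any other check runs.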

Troubleshooting Table

| Symptom | Likely Cause | Verification Command |
|---|---|---|
| 401 Unauthorized | Invalid JWKS URI | curl -I $JWKS_URI |
| FHIR Connection Failed | Incorrect base URL | nc -zv <fhir-host> 443 |
| RBAC Rules Ignored | Validation rule syntax error | python -m json.tool config.json |