This sets up a sample app that interacts with Azure SMART on FHIR.
Create Azure cloud account.
(Only needed if the default subscription does not suit your needs) Create an Azure Subscription; view the list of subscriptions here.
Create resource group (fhir-smart-on-fhir), view list of resource groups here.
Deploy Azure Health Data Services workspace using Azure portal (workspace name = azuresmartonfhir, region = northcentralus, using the resource group that was just created).
Deploy FHIR service (service name = test-store, version = R4).
Enable SMART-on-FHIR for the deployed FHIR store.
Register the FHIR service via App Registration on Azure Active Directory (renamed to Microsoft Entra ID). Application name = azure-smart-on-fhir. Other relevant doc
Configure RBAC for FHIR store.
cd azure-health-data-and-ai-samples/samples/smartonfhir
azd init #env name = smartonfhir-dev
# List users
powershell ../../../Get-UserInfo.ps1
# add claim to user
powershell ./scripts/Add-FhirUserInfoToUser.ps1 -UserObjectId "b0c27481-a11d-4e01-8f3a-b4484b9755de" -FhirUserValue "Patient/PatientA"
# Resolve error "Unable to resolve X for net6.0" by adding the nuget.org package source
dotnet nuget add source --name nuget.org https://api.nuget.org/v3/index.json
This configures the allowed OAuth scopes on Azure AD; the allowed scopes and roles can be found here.
Gaps:
- Azure FHIR service allows configuring for CORS policies without relying on proxy
- Azure has IAM FHIR SMART user role, access granted to the users in this role will then be limited by the resources associated to their fhirUser compartment and the restrictions in the clinical scopes.
- Each user is the service account / IAM account
Their gap: the fhirUser claim must be added to your test users; each user has one scope per app.
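To make the effect of the fhirUser claim and the clinical scopes concrete, here is an added example (not code from the Azure sample) that evaluates an access request the way the SMART user role constrains it: patient/ scopes are confined to the compartment named by fhirUser, user/ and system/ scopes are not. It assumes delegated scopes arrive in a space-separated scp claim and uses constructed claims such as Patient/PatientA from the steps above.

```python
"""Check a SMART-on-FHIR request against the token's fhirUser claim and its
clinical scopes. Added illustration, not Azure's own authorization code."""
from dataclasses import dataclass
from typing import Optional

# SMART v1 verbs mapped onto the v2 operation letters they cover.
V1 = {"read": set("rs"), "write": set("cud"), "*": set("cruds")}


@dataclass(frozen=True)
class Scope:
    context: str        # "patient", "user" or "system"
    resource: str       # FHIR resource type or "*"
    ops: frozenset      # subset of c, r, u, d, s


def parse_scope(token: str) -> Optional[Scope]:
    """Parse one clinical scope, e.g. patient/Observation.read or user/*.cruds.
    Non-clinical scopes (openid, fhirUser, launch/patient) yield None."""
    try:
        ctx, rest = token.split("/", 1)
        res, perm = rest.split(".", 1)
    except ValueError:
        return None
    if ctx not in ("patient", "user", "system"):
        return None
    ops = V1.get(perm, set(perm))
    if not ops or not ops <= set("cruds"):
        return None
    return Scope(ctx, res, frozenset(ops))


def is_allowed(claims: dict, resource_type: str, op: str,
               patient_id: Optional[str]) -> bool:
    """op is one of c/r/u/d/s; patient_id is the compartment the target
    resource belongs to (None if it has no patient compartment).
    Assumes scopes are carried space-separated in the 'scp' claim."""
    fhir_user = claims.get("fhirUser", "")
    for raw in claims.get("scp", "").split():
        scope = parse_scope(raw)
        if scope is None or op not in scope.ops:
            continue
        if scope.resource not in ("*", resource_type):
            continue
        if scope.context == "patient":
            # A patient/ scope only reaches the fhirUser's own compartment;
            # without a Patient/<id> fhirUser claim it grants nothing.
            if not fhir_user.startswith("Patient/"):
                continue
            if patient_id != fhir_user.split("/", 1)[1]:
                continue
        return True
    return False
```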
Track