-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: add Epic vendor quirk to pass Epic-Client-ID #249
Conversation
cumulus_etl/fhir/fhir_auth.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is nothing new or interesting in this file - I just broke out some of the auth abstraction and helpers into here, because fhir_client.py
was starting to feel too big.
class ServerType(enum.Enum): | ||
UNKNOWN = enum.auto() | ||
CERNER = enum.auto() | ||
EPIC = enum.auto() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New piece 1/3
file=sys.stderr, | ||
) | ||
raise SystemExit(errors.BASIC_CREDENTIALS_MISSING) | ||
async def _read_capabilities(self) -> None: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New piece 2/3
# Epic wants to see the Epic-Client-ID header, especially for non-OAuth flows. | ||
# (but I've heard reports of also wanting it in OAuth flows too) | ||
# See https://fhir.epic.com/Documentation?docId=oauth2§ion=NonOauth_Epic-Client-ID-Header | ||
if self._server_type == ServerType.EPIC and self._client_id: | ||
headers["Epic-Client-ID"] = self._client_id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New piece 3/3
57820a0
to
1a72e77
Compare
# Assume utf8 is acceptable -- we should in theory also run these through Unicode normalization, in case they | ||
# have interesting Unicode characters. But we can always add that in the future. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i cannot believe you're not just assuming that someone is putting emoji into their username!
I've tested that this sends the header to the Epic sandbox and doesn't do it for the Cerner sandbox. But I have never experienced the case where Epic requires this header (and to get a user/password to test the non-OAuth flow that does require it would require asking that of the Epic security team). So I'm just going to assume this is great. We can hear from our partners on Epic about its efficacy. Seems harmless and likely to work (based on reports of them patching this in basically).
Checklist
docs/
) needs to be updated