Add AuthN to HAPI FHIR with OAuth2 Proxy, Nginx and Keycloak - Part 1

Introduction

In a previous post, I wrote about the steps I followed to start working with HAPI FHIR.

In this post, we'll add Authentication (AuthN) to HAPI FHIR with OAuth2 Proxy, Nginx and Keycloak.

HAPI FHIR

HAPI FHIR is an open source implementation of the HL7 FHIR standard for healthcare interoperability.

The easiest way to get started with HAPI FHIR is to use the HAPI FHIR JPA Server Starter Project. I created a fork of the repository and then cloned the fork. We will use the image from that fork:

FROM robferguson/hapi-fhir-au:7.6.0

In our Docker Compose configuration file:

services:
  postgres:
    container_name: postgres
    build:
      context: ./services/postgres
      dockerfile: Dockerfile
    # restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-hapi-fhir}
      POSTGRES_USER: ${POSTGRES_USER:-admin}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-secret}

  hapi-fhir:
    container_name: hapi-fhir
    build:
      context: ./services/hapi-fhir
      dockerfile: Dockerfile
    # restart: unless-stopped
    environment:
      SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-hapi-fhir}
      SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-admin}
      SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-secret}
      SPRING_DATASOURCE_DRIVERCLASSNAME: "org.postgresql.Driver"
      SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: "ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgresDialect"
    configs:
      - source: hapi
        target: /app/config/application.yaml
    depends_on:
      postgres:
        condition: service_healthy
      redis:  # service definition not shown in this excerpt
        condition: service_healthy

volumes:
  postgres_data:
    driver: local

configs:
  hapi:
    file: ./hapi.application.yaml
    # file: hapi.application-fhir-au-core-1.0.0-preview.yaml

See: docker-compose.yml

The .env file:

PROTOCOL=http
POSTGRES_DB=hapi-fhir
POSTGRES_USER=admin
POSTGRES_PASSWORD=secret

See: .env

Note: Docker will look for your .env file in the same directory as your Docker Compose configuration file.
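
Because the Compose file above uses fallbacks such as `${POSTGRES_PASSWORD:-secret}`, a missing or misplaced .env file still brings the stack up, with the password set to secret. As an added example (not part of the original post or its repository), the same entries can use Compose's `${VAR:?message}` form so that startup aborts instead; the error message text is illustrative:

```yaml
# Added example: same service and variable names as the Compose file above.
# ${VAR:-default} substitutes the default when VAR is unset or empty.
# ${VAR:?message} makes `docker compose` exit with the message instead,
# so the database never starts with a password that is published in the repo.
services:
  postgres:
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-hapi-fhir}
      POSTGRES_USER: ${POSTGRES_USER:-admin}
      # was: ${POSTGRES_PASSWORD:-secret}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}

  hapi-fhir:
    environment:
      SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-hapi-fhir}
      SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-admin}
      # was: ${POSTGRES_PASSWORD:-secret}; both services must agree on the value
      SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
```

With this change the .env file is the only source of the database credential, so the value secret there should be replaced with a generated password and the file kept out of version control.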
