WellData Implementation Guide
0.1.0 - ci-build

WellData Implementation Guide - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools.

Client Authentication

To access pod resources, an application must authenticate itself and receive an access token and an id token, which it then exchanges for another access token that gives access to the pod. Each application has a WebId associated with it. In We Are, applications are registered in the We Are IDP. This is an IDP specifically for applications, which allows applications to identify themselves. Clients are authorized via the client credentials flow to receive an access token.

Figure: Authorization of the client by the Client Credentials flow (sequence diagram between Welldata BE and We Are IDP). We Are Client Credentials flow: Welldata BE calls GET https://openid.we-are-acc.vito.be/token on the We Are IDP, which returns an access token and id token.

The token endpoint is called with the following parameters:

  • grant_type: client_credentials
  • client_id: the client Id from the application registered in the We Are IDP
  • client_secret: accompanying secret for the client Id

To access the resource in the pod, the client needs to exchange its token for yet another token by calling the UMA service of Inrupt.

In the We Are Demo backend application the client credentials flow is automatically executed and uses the following environment variables:

WEARE_OIDC_CLIENT_ID
WEARE_OIDC_CLIENT_SECRET
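
The token request described above, built from the two environment variables, as an added example that is not code from the We Are Demo backend. It assumes the parameters go in a form-encoded POST body (the method RFC 6749 requires for token requests), which keeps the secret out of URLs and access logs; the function names and sample values are hypothetical, and nothing is sent over the network.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://openid.we-are-acc.vito.be/token"  # endpoint named on this page
REQUIRED = ("WEARE_OIDC_CLIENT_ID", "WEARE_OIDC_CLIENT_SECRET")


def build_token_request(env=os.environ):
    """Build the client-credentials token request without sending it."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        # Fail closed, and name only the variable, never a value.
        raise RuntimeError("missing environment variable(s): " + ", ".join(missing))
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": env["WEARE_OIDC_CLIENT_ID"],
        "client_secret": env["WEARE_OIDC_CLIENT_SECRET"],
    }).encode("ascii")
    # Assumption: form-encoded POST body, so the secret is never part of
    # a URL that proxies or web servers would write to their logs.
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(raw):
    """Return (access_token, id_token); raise if the reply is unusable."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or "error" in doc:
        raise ValueError("token endpoint returned an error or a non-object reply")
    for field in ("access_token", "id_token"):
        if not isinstance(doc.get(field), str) or not doc[field]:
            raise ValueError("token response lacks " + field)
    return doc["access_token"], doc["id_token"]


def redact(request):
    """Loggable view of the request body with the secret masked."""
    params = urllib.parse.parse_qs(request.data.decode("ascii"))
    params["client_secret"] = ["REDACTED"]
    return urllib.parse.urlencode(params, doseq=True)


if __name__ == "__main__":
    # Constructed sample values; not real credentials.
    sample = {"WEARE_OIDC_CLIENT_ID": "demo-client", "WEARE_OIDC_CLIENT_SECRET": "s3cr3t&="}
    req = build_token_request(sample)
    print(req.get_method(), req.full_url, redact(req))
```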