LooFunk-8701 asked LooFunk-8701 answered

Azure FHIR Proxy - cannot access through Postman

Hi,

I have created an instance of Azure API for FHIR with an Azure FHIR proxy following this tutorial:

https://github.com/microsoft/health-architectures/tree/master/FHIR/FHIRProxy##configuration

I am able to browse to the proxy URL through a browser after being prompted to log in to view the metadata as shown below:

69573-image.png


However, when trying to access it through the Postman API tool I keep getting the same error:

You do not have permission to view this directory or page.

I have tried generating an authorization Bearer token using the following:

69548-image.png


The authorization token looks fine, but when adding it to my API call it errors as shown below:

69537-image.png


Does anyone have any idea how I can successfully call my API with a proper authorization token that works or know a tutorial that actually explains this part of the process?
The tutorial does not give much information.

Thanks

azure-api-management azure-api-fhir

LooFunk-8701 answered

Hi, I managed to fix the issue. I found that the resource ID was needed in the auth URL:

71646-image.png


This can be obtained from Enterprise Applications:

71616-image.png

Also, creating two separate app registrations:

71648-image.png




PramodValavala-MSFT answered PramodValavala-MSFT commented

Looks like the FHIR Proxy is deployed with WebApp Authentication/Authorization (also called Easy Auth) enabled. If you have deployed as is too, the authentication flow is slightly different and is documented.

To quote the docs for reference, after getting the access token from Azure AD, you need to validate the token against easy auth which returns another authentication token that needs to be set in the X-ZUMO-AUTH header to make the actual request.

From the browser directly, a cookie is set with the required authentication token as mentioned in the same doc.



Thanks for the reply. I have not seen X-ZUMO-AUTH mentioned in any tutorials regarding Azure FHIR API or proxy. I created a token and added it to the header using X-ZUMO-AUTH and it still did not work.

0 Votes 0 ·

@LooFunk-8701 It would be best to open an issue on this repo to update the steps for this scenario.

0 Votes 0 ·

@LooFunk-8701 There are actually three steps to it:

1. Get token from Azure AD (same as you did)
2. Get Easy Auth specific token as shown here
3. Use token from #2 in the X-ZUMO-AUTH header

Could you confirm if you've tried the same?




0 Votes 0 ·
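The three steps listed in the comment above, written out as an added example that is not part of the thread or of the FHIR Proxy project. The `/.auth/login/aad` endpoint and the `authenticationToken` response field come from the App Service authentication documentation; the proxy URL, the request path and `expected_aud` are placeholders you supply. The audience check is an assumption that the "resource ID" fix described earlier shows up as the token's `aud` claim.

```python
import base64, json, urllib.error, urllib.request

def token_audience(jwt):
    """Read the unverified 'aud' claim, to confirm the token targets the proxy app."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["aud"]

def easy_auth_login_request(proxy_base, aad_token):
    """Step 2: exchange the Azure AD token at the App Service login endpoint."""
    return urllib.request.Request(
        proxy_base.rstrip("/") + "/.auth/login/aad",
        data=json.dumps({"access_token": aad_token}).encode(),
        headers={"Content-Type": "application/json"}, method="POST")

def session_token_from(body):
    """Extract the Easy Auth session token from the login response body."""
    token = json.loads(body).get("authenticationToken")
    if not token:
        raise ValueError("login response has no authenticationToken")
    return token

def fhir_request(proxy_base, path, session_token):
    """Step 3: call the proxy with the session token in X-ZUMO-AUTH."""
    return urllib.request.Request(
        proxy_base.rstrip("/") + "/" + path.lstrip("/"),
        headers={"X-ZUMO-AUTH": session_token, "Accept": "application/json"})

def http_send(req):
    """Default transport: returns (status, body) and does not raise on 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def call_proxy(proxy_base, aad_token, expected_aud, path, send=http_send):
    """Run steps 2 and 3 for a token already obtained from Azure AD (step 1)."""
    aud = token_audience(aad_token)
    if aud != expected_aud:  # a token issued for another resource will be refused
        raise ValueError(f"token audience {aud!r} is not the proxy app {expected_aud!r}")
    status, body = send(easy_auth_login_request(proxy_base, aad_token))
    if status != 200:
        raise PermissionError(f"Easy Auth rejected the Azure AD token (HTTP {status})")
    return send(fhir_request(proxy_base, path, session_token_from(body)))
```

The `ValueError` and `PermissionError` cases separate a wrong-audience token from a rejected exchange, which otherwise both surface as the same "You do not have permission" page.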

Hi @PramodValavala-MSFT, I can't use easy auth on the FHIR API app, I tried and got the following:

71430-image.png


0 Votes 0 ·