Handling authentication
Authentication has typically been handled in a project by project basis at Jembi. We would like to start moving towards an aligned approach. Here are some guidelines to start moving us towards that goal:
- If possible, use OpenID connect for authentication.
- If possible, use OAuth 2.0 for delegated authorization.
- Jembi has written an OpenID provider for the HealthConnect project, access that to see if it would suit your needs. In the long run it would be great to move this toward being a generic tool that we can use throughout Jembi projects.
- OAuth and OpenID connect have many open source clients that you can make use of in client applications so the burden on the application developer is much less.
- Have a look at the SMART Health IT authorization documentation and see if you can apply those standards to your project.