Skip to content

HIEofOne/Trustee-Proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

public

public

 
 

views

views

 
 

.dockerignore

.dockerignore

 
 

.env

.env

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

core.mjs

core.mjs

 
 

do-install.sh

do-install.sh

 
 

docker-compose.yml

docker-compose.yml

 
 

env

env

 
 

index.mjs

index.mjs

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

settings.mjs

settings.mjs

 
 

Repository files navigation

Trustee Proxy

Trustee Proxy is a hosted server that provides several key functionalities that compliment Trustee Community

Installation

1. Gather all API keys for Doximity, open.epic, Bluebutton 2.0

  • have these ready for the installer in step 3
  • details on getting API keys are in the section More on Additional API Services
  • assume you have a domain name (mydomain.xyz) and email address needed for LetsEncrypt SSL (my@email.xyz)

2. Create a DigitalOcean Droplet with the minimum parameters:

  • size: 's-1vcpu-1gb',
  • image: 'ubuntu-22-10-x64'

3. Login to the console (should be root user) and enter this command:

git clone -b deploy --single-branch https://github.com/HIEofOne/Trustee-Proxy.git
cd Trustee-Proxy
./do-install.sh

More on Additional API Services (TBD)

Architecture

Trustee-Proxy is based around Docker containers. This repository source code is for the Trustee core which is express.js based application and served by Node.JS.

The docker-compose.yml (template found in docker-compose.tmp under the docker directory) defines the specific containers that when working together, allow Trustee to be able to fully featured (e.g. a bundle). Below are the different containers and what they do:

1. Traefik - this is the router, specifying the ports and routing to the containers in the bundle

2. CouchDB - this is the NoSQL database that stores all documents

3. DIDKit - this generates the verifiable credential

4. Watchtower - this service pulls and applies updates to all Docker Images in the bundle automatically without manager intervention

Developer API

Doximity Verifiable Credential endpoint

GET /doximity

Upon successful authentication with the Doximity API, a Verifiable Credential can then be issued to a Verfiable Credential wallet such as Sphereon. For GNAP claims gathering for Trustee-Community, this Verfiable Credential can then be presented from the wallet.

Begin SMART on FHIR flow

POST /oidc_relay
Content-Type: application/json
{
  "origin_uri": "https://my.emr.xyz/123?oidc=epic",
  "response_uri": "https://my.emr.xyz/123?oidc=epic",
  "type": "epic",
  "state": "5f809eef-0107-4b2f-8c14-9386b75234f2",
  "fhir_url": "https://haiku.wacofhc.org/FHIR/api/FHIR/R4/"
  "refresh_token": ""
}

where type can be "epic" or "cms_bluebutton" and "fhir_url" field is needed for "epic" type

If verified successfuly, Trustee-Proxy responds with:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
"OK"

Client then redirects the browser to this endpoint:

GET /oidc_relay_start/5f809eef-0107-4b2f-8c14-9386b75234f2

Where the last path refers to the "state" value

The remainder of the OIDC OAuth 2.0 flow continues. Following sucessful authentication,

GET /oidc_relay/5f809eef-0107-4b2f-8c14-9386b75234f2

Whereupon the access token is provided for resource gathering by the client.

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
{
  "access_token": "023940293480293423"
}

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages