Skip to content
This repository has been archived by the owner on Apr 13, 2023. It is now read-only.

A role based access control implementation of the FHIR Works on AWS framework, utilizing Cognito and User Groups to perform authorization

License

Notifications You must be signed in to change notification settings

awslabs/fhir-works-on-aws-authz-rbac

fhir-works-on-aws-authz-rbac

This GitHub repository has been migrated. You can now find FHIR Works on AWS at https://github.com/aws-solutions/fhir-works-on-aws.

Purpose

Please visit fhir-works-on-aws-deployment for overall vision of the project and for more context.

This package is an implementation of the authorization interface from the FHIR Works interface. It uses role based access control (RBAC) to limit access to certain resource types and what operations one can do on those resource types. Cognito User Groups are used to determine which roles the user has. The User Group information is passed along in the OAuth access token when a user makes a request to the FHIR API. This means that the user must correctly obtained an access token from Cognito by using scopes of either:

  • openid profile Must have both
  • aws.cognito.signin.user.admin

To use and deploy this component (with the other 'out of the box' components) please follow the overall README

Infrastructure

This package assumes certain infrastructure:

  • Cognito - is our idP
    • Users - created and managed inside of Cognito
    • User Groups - Used to determine which role the users have
    • OAuth - Used to provide an access token to the user. To understand the flow more see this link

Usage

For usage please add this package to your package.json file and install as a dependency. For usage examples please see the deployment component's package.json

Authorization rules

The rules are defined very simply and are in this format:

{
  <name-of-role>: {
    operations: [<array-of-operations-that-can-be-performed>],
    resources: [<array-of-resource-types>]
  }
}

For a working example please see RBACRules.ts in the deployment package

Dependency tree

This package is dependent on:

Known issues

For known issues please track the issues on the GitHub repository

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

About

A role based access control implementation of the FHIR Works on AWS framework, utilizing Cognito and User Groups to perform authorization

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published