This is the final project report/ presentation for GSOC 2017
Source-code for OAuth module: https://github.com/mavrk/openmrs-module-oauth2-prototype/tree/oauth2-pure-rest
Source-code for SMART app: https://github.com/mavrk/SMART-on-fhir-client
Source-code diff: https://github.com/maany/openmrs-module-oauth2/compare/oauth2-openmrs-1.11.x…mavrk:oauth2-pure-rest
This is only a project report, complete project documentation can be found here
Project Title : FHIR OAuth Smart Apps Integration and OAuth module enhancements
Primary Mentor : Mayank Sharma
Project Stats : 28 major commits, 1200+ lines of code (900+ additions and 300+ deletions)
The project invloved the following main tasks :
Migrate dependencies and configurations to be compatible with OpenMRS 2.x The module previously ran on OpenMRS 1.11 and worked with Spring Security 3. My initial task was to migrate the module to OpenMRS 2.x and use Spring 4 and Spring Security 4. This part took a lot longer than what me and Mayank thought. Spring Security is a complex framework and it’s compatibility issues with Spring versions are many. I had to remove all the deprecated code with new code and also fix some broken part of the code. A lot had changed from OpenMRS 1.11 to 2.X So I had to redo the whole OAuth Client data model and re-write some portions of the client.
Fix Grant Types This was one of the most challenging portions of the summer. The code was in-place, the procedure was right. Problem? Can’t get tokens . In my opinion, Spring Security, Spring Security OAuth are excellent frameworks but quite complex too. Spring uses Jackson to manage all output JSON requests. The tokens which were created and stored in the database, were not returned to the REST call response. Reason? Jackson. Jackson, Spring security oauth, Spring security and spring mvc taken altogether to do one thing created such a mess in finding the right version of everything. If I changed a version then thing X would break. Changing it back, would break Y. This cycle continued for some time, until I managed to find the right versions for everything.
Fix UI The previous module used UI extensively. Our initial plan was to scrap out the UI and introduce a controller to manage everything that UI did. However, the mid-term presentation came by and I had nothing other than token generation to show to the community. Then, we decided to keep the UI, make the presentation and later provide enough flexibility to the end-user to choose between REST based controller, UI or both . So I fixed everything wrong in the UI and completed it for the demo during mid-term.
You can see my mid-term demo here :
After the mid-terms the point of focus was the REST Controller. Using this controller, one could create, manage, view oauth clients without the UI. Which means that any OWA, Android app, iOS app, etc would be able to manage, create oauth clients and it won’t require opening OpenMRS on a browser and handing everything. Just like almost everything in this summer, the controller didn’t go as planned Problem? I wanted to return a client object as JSON response, however Jackson (which handles JSON outputs in Spring) gave the error “property leading to cycles”. Upon research I realized that Jackson depends on getter and setter methods of a class. My client inherited properties such as getCreator() , getVoidedBy() from the BaseOpenMrsData. getCreator() returns a User, the User also has a getCreator(), so that formed an infinite loop whenever getCreator() was called by Jackson. So what I did next was that I broke this loop by creating a new JacksonMappableClient. And now everyone was happy .
You can see a demo for the Client REST Controller here :
This was one of the main goals for the summer. Even if we managed to create the OAuth module, their was not a lot of application to it. Making a sample SMART on FHIR would give OpenMRS community a perfect use-case for our module. The application came by easily. There were a few blockers but nothing which would consume ‘days’ of debugging. I also made a custom CORS filter for the module to enable Cross-Origin requests if SMART application is hosted on a different server.
A demo of SMART on FHIR :
Proper project documentation : here
OpenMRS final presentation : Talk thread