GCP Healthcare API - Attempting Authentication
Again, I’ve found this to be tricky, which is why I’m documenting it here, to hopefully make it easier for someone else. Remember, we should now have a FHIR® store. The one I’ve set up exists at:
I’ve probably thrown these words around without completely understanding the difference, so, for your edification:
- Authentication: who you are
- Authorization: what you can do
- Auditing logs: what you did
This comes from Google’s page on Authentication. I think we should use an OAuth 2.0 client, partly because that’s what SMART and most other authentication processes use, and partly because it’s for “Accessing private data on behalf of an end user”. That sounds like exactly what we’re looking for. Google also has an Authenticating as an end user page. It suggests we go to the IAM section of our project. Mine looks like this.
Clicking on ROLES and ADD, and then searching FHIR, gives me these options. I decided to go for Editor.
After this, go to the hamburger menu at the top left, and select APIs & Services, then go to OAuth consent screen. If you have an organization you can choose internal, but in order to test it, I’m going to choose external.
Fill out the information on the next page. Make sure you fill out every field marked with a * (they’re mandatory!).
Click ADD OR REMOVE SCOPES, and add Cloud Healthcare API (you can just search for health).
On the next page you can add users (this is done by their email). If you selected internal, they will need to have an email within the domain of your organization. Then review, and go BACK TO DASHBOARD and select Credentials -> +CREATE CREDENTIALS -> OAuth client ID.
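To show where the client ID and the Cloud Healthcare API scope from the steps above end up, here is an added example (not code from the original post) that builds the authorization request an end user would open and checks the callback’s state before accepting the code. It assumes Google’s standard OAuth 2.0 authorization endpoint and a client type that accepts PKCE; the client ID and redirect URI you pass in are your own, and the function names are made up for this illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# The scope added on the consent screen: it bounds what the token may do.
HEALTHCARE_SCOPE = "https://www.googleapis.com/auth/cloud-healthcare"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def new_pkce_pair():
    """Return (verifier, challenge); the verifier never leaves the client."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())


def build_authorization_url(client_id, redirect_uri, state, challenge):
    """URL the end user opens to sign in and consent to the scope."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": HEALTHCARE_SCOPE,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })


def extract_code(callback_url, expected_state):
    """Accept the authorization code only if the state matches ours."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError("authorization denied: " + query["error"][0])
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not from our request")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]
```

Generate a fresh `state` (for example with `secrets.token_urlsafe(16)`) and a fresh PKCE pair for every sign-in attempt, and keep both server-side or in the local session until the callback arrives.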