Create a set of OAuth-enabled endpoints that can authenticate a development (or PWA) build of OHIF against Sonador
Because there are issues in the CommonJS (script tag inclusion) method used for creating OHIF builds, Sonador should also be able to support PWA builds. (This will also allow OHIF to run in a development configuration, which would greatly speed up support for specialized features -- such as 3D visualization -- in Sonador.)
Current endpoints:
- Redirect to a token-based workflow with an external identity provider
Needed
- Determine which OAuth workflow is supported by OHIF and the configuration required for it to work as expected.
  - I ended up implementing a modified `authorization_code` workflow, where the Sonador code workflow is used to retrieve the access token, create the account, and then forward to the token endpoint, which redirects back to the OHIF application with the access and ID token values.
  - To ensure that the mechanism can't be hijacked by unapproved applications, an explicit whitelist of redirects has been added to the authorization server.
- Creation of endpoints that will launch the process by OHIF without mediation from Sonador (first pass implementation, see oak-tree/medical-imaging/sonador!17)
- Determination of whether Sonador should continue to use CommonJS script inclusion or whether it's better to embrace the PWA build (preservation of the CommonJS would be ideal, but VTK and the segmentation plugins are needed presently and those only work in the PWA build)
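
One way to enforce the explicit redirect whitelist described above, as an added example (not Sonador's own code). `ALLOWED_REDIRECTS`, `is_allowed_redirect` and the URLs are hypothetical, constructed values; the check compares parsed URI components so that look-alike hosts, embedded credentials, and extra query or fragment data are rejected before any token is forwarded.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): real entries would be the registered
# OHIF deployments, including the development/PWA build.
ALLOWED_REDIRECTS = frozenset({
    "https://ohif.example.org/callback",
    "http://localhost:3000/callback",  # development build on loopback
})

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def _canonical(uri):
    """Return (scheme, host, port, path), or None if the URI is unacceptable."""
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in ("https", "http") or not host:
        return None
    # Plain HTTP is only tolerated for a local development build.
    if scheme == "http" and host not in LOOPBACK_HOSTS:
        return None
    # "https://trusted@other-host/..." parses with other-host as the host.
    if parts.username is not None or parts.password is not None:
        return None
    # Registered redirects carry no query or fragment; extras are refused.
    if parts.query or parts.fragment:
        return None
    if port is None:
        port = 443 if scheme == "https" else 80
    # The path is compared as-is: no "..", case or slash normalisation.
    return (scheme, host, port, parts.path)


_ALLOWED = {_canonical(u) for u in ALLOWED_REDIRECTS}


def is_allowed_redirect(uri):
    """True only if uri matches a registered redirect component for component."""
    canon = _canonical(uri)
    return canon is not None and canon in _ALLOWED
```

The authorization server would call `is_allowed_redirect` on the requested redirect before starting the code workflow and again before forwarding the access and ID token values.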