<!DOCTYPE html><html> <head> <title>Simple Auth App</title> <sc

1. <!DOCTYPE html>
2. <html>
3. <head>
4. <title>Simple Auth App</title>
5. <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
6. </head>
7. <body>
8. Running...
9. <script>
10. // get the URL parameters received from the authorization server
11. var state = getUrlParameter("state"); // session key
12. var code = getUrlParameter("code"); // authorization code
13.  
14. // load the app parameters stored in the session
15. var params = JSON.parse(localStorage[state]); // load app session
16. var tokenUri = params.tokenUri;
17. var clientId = params.clientId;
18. var secret = params.secret;
19. var serviceUri = params.serviceUri;
20. var redirectUri = params.redirectUri;
21.  
22. // Prep the token exchange call parameters
23. var data = {
24. code: code,
25. grant_type: 'authorization_code',
26. redirect_uri: redirectUri
27. };
28. var options;
29. if (!secret) {
30. data['client_id'] = clientId;
31. }
32. options = {
33. url: tokenUri,
34. type: 'POST',
35. data: data,
36. headers: {
37. "Authorization": "Basic dGVzdDM6YWQ= "
38. },
39. crossDomain: true
40. };
41. if (secret) {
42. options['headers'] = {'Authorization': 'Basic ' + btoa(clientId + ':' + secret)};
43. }
44.  
45. // obtain authorization token from the authorization service using the authorization code
46. $.ajax(options).done(function(res){
47. // should get back the access token and the patient ID
48. var accessToken = res.access_token;
49. var patientId = res.patient;
50.  
51. // and now we can use these to construct standard FHIR
52. // REST calls to obtain patient resources with the
53. // SMART on FHIR-specific authorization header...
54. // Let's, for example, grab the patient resource and
55. // print the patient name on the screen
56. var url = serviceUri + "/Patient/" + patientId;
57. $.ajax({
58. url: url,
59. type: "GET",
60. dataType: "json",
61. headers: {
62. "Authorization": "Bearer " + accessToken
63. },
64. }).done(function(pt){
65. var name = pt.name[0].given.join(" ") +" "+ pt.name[0].family.join(" ");
66. document.body.innerHTML += "<h3>Patient: " + name + "</h3>";
67. });
68. });
69.  
70. // Convenience function for parsing of URL parameters
71. // based on http://www.jquerybyexample.net/2012/06/get-url-parameters-using-jquery.html
72. function getUrlParameter(sParam)
73. {
74. var sPageURL = window.location.search.substring(1);
75. var sURLVariables = sPageURL.split('&');
76. for (var i = 0; i < sURLVariables.length; i++)
77. {
78. var sParameterName = sURLVariables[i].split('=');
79. if (sParameterName[0] == sParam) {
80. var res = sParameterName[1].replace(/\+/g, '%20');
81. return decodeURIComponent(res);
82. }
83. }
84. }
85.  
86. function createCORSRequest(method, url) {
87. var xhr = new XMLHttpRequest();
88. if ("withCredentials" in xhr) {
89.  
90. // Check if the XMLHttpRequest object has a "withCredentials" property.
91. // "withCredentials" only exists on XMLHTTPRequest2 objects.
92. xhr.open(method, url, true);
93.  
94. } else if (typeof XDomainRequest != "undefined") {
95.  
96. // Otherwise, check if XDomainRequest.
97. // XDomainRequest only exists in IE, and is IE's way of making CORS requests.
98. xhr = new XDomainRequest();
99. xhr.open(method, url);
100.  
101. } else {
102.  
103. // Otherwise, CORS is not supported by the browser.
104. xhr = null;
105.  
106. }
107. return xhr;
108. }
109. </script>
110. </body>
111. </html>