15 docs tagged with "auth"

Auth and Identity

Medplum supports multiple authentication and authorization configurations, with the intent to enable required compliance and integration scenarios. Implementations commonly use multiple authentication and authorization methods.

Auth Integration Patterns

Medplum supports three primary authentication integration patterns, summarized by the following diagram. Each has its own use case. An implementation can use multiple or all patterns for different use cases.

Client Credentials

The Medplum API uses standard OAuth2/OpenID authentication. The "Client Credentials Flow" is recommended for machine-to-machine access.

Consuming Webhooks

Many SaaS products including popular services like Stripe and Okta support Webhooks, allowing a web application to register a Medplum URL to receive notifications. When a certain event occurs in the source application, such as a new user signup or a change to a record, the source application sends an HTTP POST request to the URL registered by the destination application. This HTTP POST request contains information about the event that occurred.

Custom Welcome Emails

When a new project membership is created, either by "invite" or self "register", by default Medplum sends a "Welcome" email with account setup instructions for the configured "app" URL. For example, on Medplum's hosted environment, the email will include a link to "https://app.medplum.com/setpassword/...".

External Identity Providers

Medplum supports external identity providers such as Auth0 and AWS Cognito for end user authentication. This is sometimes known as "Federated Identities".

Google Authentication

Google Authentication allows users to log in to your application using their Google profile.

Logout

There are two different methods to "logout" and revoke access tokens:

SMART Scopes

SMART on FHIR’s authorization scheme uses OAuth2 scopes to communicate (and negotiate) access requirements.

User Management Guide

This guide walks through how to create and manage users via the Medplum App and via API. Medplum supports multiple authentication options, but always maintains a representation of the user identities, and gives developers control over which authentication method to use for an identity, as well as what access controls are applied.

Using External IDs

By default, Medplum uses email address as a unique identifier for a user. When using External Identity Providers, you may instead want to use the external ID rather than email. This document describes the additional changes to use external ID.