Experiences about Finnish Personal Health Record data repository (part 2)

This blog post covers how to create a new application client in the PHR Sandbox environment via the self-service portal.

Create an admin user

First you have to create an admin user in the self-service portal. An admin user can be created via this site. The admin user can create new application clients in the PHR Sandbox environment.

Create a new client

Log in to the self-service portal using the admin user credentials created in the previous phase. On the main page, click "Self-service client registration" in the left navigation.

Next, give basic information about your client app. Fill in at least the Client name and the redirect URI(s). The redirect URI is the destination to which the client is redirected after authorization. I'm testing my application only on my machine, so my redirect URL points to localhost.

In the Access tab you can configure the allowed scopes. OAuth 2.0 scopes limit which resources an access token is granted access to. In this example I'm concentrating on handling only Observation types, so I chose the Observation read and write scopes. Observations can be things like steps, activity, weight, blood pressure etc.

Grant types describe the methods by which a client application can acquire an access token. An access token represents a user's permission for the client to access data. You can find more information about grant types here and here.

This application will use authorization code as its grant type. After authentication, and once the user has approved that the specific client application may use the user's PHR data, an authorization code is sent to the client application. The client application is reached at the URL which was declared in the client settings (Redirect URI) in the self-service portal. The client application receives the authorization code and uses it to fetch the user's access token from the Token endpoint of the Sandbox environment.

In the Credentials tab you can set the token endpoint authentication methods. I left the default settings active in this sample application.

Now the most important settings are declared and you can hit the create button. After creation you will get the Client ID, Client secret and Registration access token of your client. Remember to save this information, because the Sandbox self-service portal currently has a bug which prevents you from accessing it later!

Editing existing client

The self-service portal has functionality for editing existing client information (click Self-service client registration in the navigation). You need to give the ClientId and the Registration Access Token to edit a client.

As mentioned earlier, there is currently a bug which prevents you from editing the client. If you want to edit your client, please contact Kela. A Sandbox administrator at Kela can change the settings manually on request. Kela is investigating this issue.

Update 27.10.2018 - Client editing is now working via self service portal.

The next blog post will cover the technical implementation of a PHR Sandbox client application.