Commit

Update SequenceDiagram.FHIR-Directory.fdv.search.tim.puml
gem-uhe authored Dec 8, 2023
1 parent c9d7827 commit a9e7c47
Showing 1 changed file with 27 additions and 20 deletions.
47 changes: 27 additions & 20 deletions src/plantuml/SequenceDiagram.FHIR-Directory.fdv.search.tim.puml
@@ -2,48 +2,55 @@
autonumber 1 1 "<b>[00]"
title "FHIR-VZD Authentisierung für Versicherte"

participant VClient as "TIM-Client Versicherter"

box Fachanwendung #WhiteSmoke
participant VClient as "Client Versicherter"
participant FDienst as "Fachdienst"
end box

box VZD-FHIR-Directory #WhiteSmoke
participant "OAuth-Server" as VzdOAuth
participant "Auth-Service" as VzdAuth
participant fp as "FHIR-Proxy"
end box

participant hs as "Matrix-Homeserver\n(Messenger-Proxy)"

VClient-> VClient: prüfe ob noch gültiges search-access-token\nvom FHIR-Directory Auth-Service vorliegt

VClient-> VClient: prüfe ob gültiges ""search-access-token""\nvom FHIR-Directory Auth-Service vorliegt


alt kein gültiges search-access-token vorhanden
VClient-> hs: POST /_matrix/client/r0/user/{userId}/openid/request_token
activate hs
hs --> VClient: HTTP 200 OK, Result body {"access_token": "Matrix-OpenID-Token",..., "matrix_server_name": "example.com",...}
deactivate hs

VClient->VzdAuth++: GET /patient-authenticate \nX-Matrix-OpenID-Token: Matrix-OpenID-Token

VzdAuth-> VzdAuth: Prüfe ob matrix_server_name\nin Föderationsliste enthalten
VzdAuth-> hs: GET /openid/userinfo/\nrequest header, Authorization: Bearer Matrix-OpenID-Token
activate hs
hs --> VzdAuth: HTTP 200 OK\n(Result Body MXID des Nutzers)
deactivate hs
VClient-> FDienst: Anfrage search-access-token

note left: Vor der Anfrage\nvom search-access-token\nmuss der Client authentisiert sein


FDienst -> FDienst: client_id und client_secret\nz.B. aus config File lesen
FDienst ->VzdOAuth++: POST /token (client_id, client_secret)
VzdOAuth->VzdOAuth: prüfe client_id, client_secret
VzdOAuth-->FDienst--: ""service-authz-token""

FDienst->VzdAuth++: GET /service-authenticate \n Authorization: Bearer {service-authz-token}

VzdAuth->VzdAuth: Prüfe service-authz-token

VzdAuth->VzdAuth: Erzeuge search-access-token
VzdAuth--> VClient: HTTP 200 OK\n{\n "access_token"="search-access-token",\n "token_type":"bearer",\n "expires_in":86400\n}
deactivate VzdAuth
VzdAuth-->FDienst: HTTP 200 OK\n{\n "access_token"="search-access-token",\n "token_type":"bearer",\n "expires_in":86400\n}

FDienst->FDienst: cache ""search-access-token""

FDienst-->VClient: ""search-access-token""
end

== ...Suche durch Versicherte im FHIR VZD... ==

VClient -> fp: GET /patient/search?...\nAuthorization: Bearer search-access-token
VClient -> fp: GET /patient/search?... \nAuthorization: Bearer search-access-token
activate fp
fp -> fp: prüfe search-access-token
fp -> fp: suche

alt search-access-token ist gültig
fp --> VClient : HTTP 200 OK (Result Body json)
else search-accesstoken ist ungültig
else search-access-token ist ungültig
fp --> VClient : HTTP 401
deactivate fp
end
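
Review bot: The requirement that the client is authenticated before `VClient-> FDienst: Anfrage search-access-token` appears only as a `note left`, and `FDienst->FDienst: cache ""search-access-token""` does not say whether the cached token is held per client or shared between clients for its `expires_in` of 86400; please show the client authentication as an explicit step and state the cache scope, since the Fachdienst hands the token straight back to the client. In the `VzdAuth-->FDienst: HTTP 200 OK` body, `"access_token"="search-access-token"` uses `=` where the neighbouring members use `:`, so the JSON shown is not valid. That response arrow also has no `--` suffix, unlike `VzdOAuth-->FDienst--:`, so if the `deactivate VzdAuth` line goes away the activation opened by `FDienst->VzdAuth++` is never closed; `VzdAuth-->FDienst--:` would fix that.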