Minimal configuration
A minimal configuration that enables most features out of the box and gets you started quickly is shown below. Copy the contents into a file named config.json and make the following adjustments:
fhir.base_urlneeds to point to the FHIR server's base URLauth.jwks_uriis the location of the OAuth server's JWT keystoreauth.issueris theissuerclaim Fire Arrow will expect in the incoming client request's auth token
config.json
{
"enable_graphql_playground": true,
"enable_introspection": true,
"enable_schema_download": true,
"validators": {
"legitimate_interest": {
"role_inheritance_levels": 0
}
},
"fhir": {
"base_url": "https://evoleenworkspace-evoleen-data.fhir.azurehealthcareapis.com"
},
"auth": {
"systems": [
{
"type": "azure_identity",
"parameters": {
"tenant_id": "8a0d55a8-3deb-40a8-b5b4-e598f9448aef",
"application_id": "67ea780a-9a2d-4a61-99bd-49afd231ffb9"
}
},
{
"type": "oauth",
"parameters": {
"identifier": "Azure B2C",
"oidc_url": "https://login.microsoftonline.com/1234-5678-9765-4567/v2.0/.well-known/openid-configuration",
"entity_type_claim": "extension_entityType",
"entity_id_claim": "extension_entityId"
}
}
],
"auto_create_entity": true
},
"rbac": {
"default_access": "Forbidden",
"validation_rules": [
{
"client_role": "Patient",
"entity_name": "Patient",
"operation": "read",
"validator": "PatientCompartment",
},
{
"client_role": "Practitioner",
"entity_name": "Patient",
"operation": "search",
"validator": "LegitimateInterest",
"required_role_system": "http://hl7.org/fhir/ValueSet/practitioner-role",
"required_role_code": "ict"
}
]
}
}
Deployment of the configuration file
Replace the file config.json in the project's root folder (for example the Fire Arrow Shell), then run Fire Arrow.
To build a custom container that overwrites the built-in config.json, the following Dockerfile can be used as template:
Dockerfile
FROM evoleenpublicacr.azurecr.io/fire_arrow:latest
COPY config.json config.json
# Start server.
EXPOSE 8080
CMD ["/app/bin/fire_arrow"]