How to build an Indivo X Personal Health App
Ben Adida

Indivo X Users Meeting
15 April 2010
Demo
Four Steps

1. Scope and framing of your app
2. Authentication and Authorization
3. REST API calls
4. UI widgets
Basic Terminology

• Account
• Record
• PHA / User App
• Admin App
• (Chrome App)
1. Scope

  Screen Real-Estate controlled by PHA
For Example
Anatomy of a PHA

• name: "Problems"
• description: "track your problems"
• principal email: problems@apps.indivo.org
• data use agreement: what the app intends to do with the data it reads from the record.
• start URL: http://problems/auth/start
• post-auth URL: http://problems/auth/after
• consumer key: 838xdnwk-sdf-werkj34
• consumer secret: 23lnbls-235lnsdf-2343
2. Auth
Components

  Indivo Server  <-- Access Token -->  PHA
  User's Browser (talks to both)
OAuth Protocol

  Indivo Server (Data Service)  <-- signed HTTP+POX -->  PHA (Consumer)
  PHA holds: consumer_token, consumer_secret
  authentication of each request: HMAC-SHA1, RSA-SHA1, ....
  User's Browser (in between)
With the first click...
begin the auth process

  IFRAME directed to the PHA's start URL
  with parameter record_id

Connection Step (1)  (User's Browser / Indivo Server / PHA)
  Browser -> Indivo Server : add (the user adds the app to the record)
  Indivo Server -> Browser : IFRAME to the PHA's start URL, with record_id
  PHA -> Indivo Server     : GET request_token
  Indivo Server -> PHA     : token (request token)
  PHA -> Browser           : REDIRECT authorize

authorize the app

Connection Step (2)
  Browser -> Indivo Server  : REDIRECT authorize (carrying the request token)
  Browser <-> Indivo Server : Authorization Process
  Indivo Server -> Browser  : post-add

redirect to app

  IFRAME directed to the PHA's post-auth URL
  which finishes the oAuth process

Connection Step (3)
  Browser -> PHA           : post-add (post-auth URL)
  PHA -> Indivo Server     : GET access_token
  Indivo Server -> PHA     : token (access token)

Interaction Phase  (the PHA holds the access token)
  PHA -> Indivo Server     : GET data
  Indivo Server -> PHA     : data
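Added example, not from the slides or from the Indivo code base: an in-memory simulation of connection steps (1) to (3) and the interaction phase with both sides present, the server issuing tokens and the PHA keeping them in a dict that stands in for the Django session. Request signing is left out so the token hand-offs stay visible; the consumer key and secret are the values from the Anatomy slide, the record ids and problem documents are constructed, and all class and method names are assumptions. The checks worth noticing are the ones a practitioner wants on each side: the request token is bound to one consumer and one record, the verifier is required and the request token is single use, the PHA refuses a post-auth redirect whose oauth_token is not the one its session requested, and an access token opens only the record it was issued for.

```python
import secrets


class IndivoServer:
    """Toy data service: issues and checks tokens for the three connection steps."""

    def __init__(self):
        self.consumers = {}       # consumer_key -> consumer_secret (registered PHAs)
        self.records = {}         # record_id -> list of problem documents (constructed)
        self.request_tokens = {}  # request token -> {consumer, record_id, verifier}
        self.access_tokens = {}   # access token -> {consumer, record_id}

    def register_app(self, consumer_key, consumer_secret):
        self.consumers[consumer_key] = consumer_secret

    def post_request_token(self, consumer_key, record_id):
        # Connection step (1): the request token is bound to one consumer and one record.
        if consumer_key not in self.consumers:
            raise PermissionError("unknown consumer")
        if record_id not in self.records:
            raise KeyError("no such record")
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {"consumer": consumer_key,
                                      "record_id": record_id, "verifier": None}
        return {"oauth_token": token, "oauth_token_secret": secrets.token_urlsafe(16)}

    def authorize(self, token, approved_by_user):
        # Connection step (2): the authorization process runs in the user's browser
        # on the Indivo server; on approval the post-add redirect carries a verifier.
        state = self.request_tokens.get(token)
        if state is None or not approved_by_user:
            return None
        state["verifier"] = secrets.token_urlsafe(8)
        return {"oauth_token": token, "oauth_verifier": state["verifier"]}

    def post_access_token(self, consumer_key, token, verifier):
        # Connection step (3): verifier must match, then the request token is consumed.
        state = self.request_tokens.get(token)
        if (state is None or state["consumer"] != consumer_key
                or state["verifier"] is None
                or not secrets.compare_digest(state["verifier"], verifier)):
            raise PermissionError("request token not authorized for this consumer")
        del self.request_tokens[token]
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = {"consumer": consumer_key, "record_id": state["record_id"]}
        return {"oauth_token": access, "oauth_token_secret": secrets.token_urlsafe(16),
                "xoauth_indivo_record_id": state["record_id"]}

    def read_problems(self, access_token, record_id):
        # Interaction phase: an access token only opens the record it was issued for.
        grant = self.access_tokens.get(access_token)
        if grant is None or grant["record_id"] != record_id:
            raise PermissionError("token does not grant access to this record")
        return list(self.records[record_id])


class PHA:
    """Toy user app; self.session plays the role of the Django session."""

    def __init__(self, server, consumer_key):
        self.server, self.consumer_key, self.session = server, consumer_key, {}

    def start_auth(self, record_id):
        self.session["token"] = self.server.post_request_token(self.consumer_key, record_id)
        return "/oauth/authorize?oauth_token=" + self.session["token"]["oauth_token"]

    def after_auth(self, query):
        # The token in the post-auth redirect must be the one this session requested;
        # otherwise someone else's authorization could be bound to this user's session.
        pending = self.session.get("token")
        if pending is None or query["oauth_token"] != pending["oauth_token"]:
            raise PermissionError("oauth_token does not match the pending request")
        access = self.server.post_access_token(self.consumer_key, query["oauth_token"],
                                               query["oauth_verifier"])
        del self.session["token"]
        self.session["access_token"] = access
        self.session["record_id"] = access["xoauth_indivo_record_id"]

    def problem_list(self):
        return self.server.read_problems(self.session["access_token"]["oauth_token"],
                                         self.session["record_id"])


def run_flow(approved_by_user=True, record_id="rec-1"):
    """Drive steps (1)-(3) and the interaction phase; returns the problem list,
    or None when the user declined at step (2)."""
    server = IndivoServer()
    server.register_app("838xdnwk-sdf-werkj34", "23lnbls-235lnsdf-2343")  # Anatomy slide
    server.records["rec-1"] = ["constructed problem: seasonal allergies"]
    server.records["rec-2"] = ["constructed problem: another person's record"]
    app = PHA(server, "838xdnwk-sdf-werkj34")
    app.start_auth(record_id)                                   # step (1)
    redirect = server.authorize(app.session["token"]["oauth_token"], approved_by_user)
    if redirect is None:
        return None
    app.after_auth(redirect)                                    # step (3)
    return app.problem_list()                                   # interaction phase


if __name__ == "__main__":
    print(run_flow())
```

The real Indivo server and client exchange these tokens over signed HTTP; the simulation keeps only the state each side has to track, which is what decides whether a token presented at the next step is accepted.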
OAuth Request
Authorization: OAuth realm="https://indivohealth.org/",
     oauth_consumer_key="0685bd9184jfhq22",
     oauth_signature_method="HMAC-SHA1",
     oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
     oauth_timestamp="137131200",
     oauth_nonce="4572616e48616d6d65724c61686176",
     oauth_version="1.0"
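The header above is the output of the OAuth 1.0 signing step. What follows is an added example, not code from the slides or from the Indivo project: it builds such a header for a PHA request using only the Python standard library (signature base string, HMAC-SHA1 over the consumer and token secrets, percent-encoded header fields), and shows the check a data service such as the Indivo server runs on receipt: recompute the signature from the stored secrets, reject timestamps outside a window, and reject a repeated nonce. The URL, secrets and token values in the test are constructed; `consumer_secrets`, `token_secrets` and `seen_nonces` stand in for the server's own stores.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, unquote, urlsplit


def pct(value):
    # RFC 5849 percent-encoding: everything except unreserved characters is escaped.
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded base URL & encoded normalised parameters.
    params holds the query/body parameters and every oauth_* parameter
    except oauth_signature; realm is never part of it."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalised = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalised)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    # The signing key is the two secrets, each encoded, joined by '&'.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_authorization_header(method, url, params, consumer_key, consumer_secret,
                               token=None, token_secret="", realm="",
                               timestamp=None, nonce=None):
    """Consumer (PHA) side: sign the request; returns (header value, oauth params)."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    if token is not None:
        oauth["oauth_token"] = token
    base = signature_base_string(method, url, {**params, **oauth})
    oauth["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    fields = [f'realm="{realm}"'] if realm else []
    fields += [f'{k}="{pct(v)}"' for k, v in oauth.items()]
    return "OAuth " + ", ".join(fields), oauth


def parse_authorization_header(header):
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth header")
    fields = {}
    for field in header[len("OAuth "):].split(","):
        name, _, quoted = field.strip().partition("=")
        fields[name] = unquote(quoted.strip('"'))
    return fields


def verify_request(method, url, params, header, consumer_secrets, token_secrets,
                   seen_nonces, now=None, window=300):
    """Server side: recompute the signature from the stored secrets and reject
    stale timestamps and replayed nonces. seen_nonces is a mutable set."""
    auth = parse_authorization_header(header)
    auth.pop("realm", None)
    claimed = auth.pop("oauth_signature", None)
    consumer_secret = consumer_secrets.get(auth.get("oauth_consumer_key"))
    if claimed is None or consumer_secret is None:
        return False
    token_secret = ""
    if "oauth_token" in auth:
        if auth["oauth_token"] not in token_secrets:
            return False
        token_secret = token_secrets[auth["oauth_token"]]
    try:
        age = abs((int(time.time()) if now is None else now) - int(auth["oauth_timestamp"]))
    except (KeyError, ValueError):
        return False
    if age > window:
        return False
    replay_key = (auth["oauth_consumer_key"], auth["oauth_timestamp"], auth.get("oauth_nonce"))
    if replay_key in seen_nonces:
        return False
    expected = hmac_sha1_signature(signature_base_string(method, url, {**params, **auth}),
                                   consumer_secret, token_secret)
    if not hmac.compare_digest(expected, claimed):
        return False
    seen_nonces.add(replay_key)   # remember only signatures that verified
    return True
```

The nonce is recorded only after the signature verifies, so an unauthenticated caller cannot fill the replay store; in a deployment the store would be pruned of entries older than the timestamp window.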
The code must be
awfully complicated ...
# Imports the slides leave out. The Indivo client import path, the placeholder
# credentials and the parse_token_from_response stand-in are assumptions.
from urllib.parse import parse_qsl

from django.conf import settings
from django.http import HttpResponseRedirect
from django.urls import reverse   # django.core.urlresolvers in the Django of 2010
from indivo_client_py.client import IndivoClient   # import path assumed

CONSUMER_KEY = 'your-consumer-key'                # placeholder: from the PHA registration
CONSUMER_SECRET = 'your-consumer-secret'          # placeholder: keep it out of the code base
INDIVO_SERVER_LOCATION = 'http://localhost:8000'  # placeholder: Indivo server base URL


def parse_token_from_response(response_body):
    # Minimal stand-in for the sample app's helper: the token endpoints answer with a
    # form-encoded body (oauth_token=...&oauth_token_secret=...&xoauth_indivo_record_id=...)
    return dict(parse_qsl(response_body))


def get_indivo_client(request, with_token=True):
    client = IndivoClient(CONSUMER_KEY, CONSUMER_SECRET, INDIVO_SERVER_LOCATION)
    if with_token:
        client.update_token(request.session['token'])
    return client


def start_auth(request):
    client = get_indivo_client(request, with_token=False)

    # do we have a record_id?
    record_id = request.GET.get('record_id', None)

    # prepare request token parameters
    params = {'record_id': record_id}

    # request a request token
    request_token = parse_token_from_response(client.post_request_token(data=params))

    # store the request token in the session
    request.session['token'] = request_token

    # redirect to the UI server
    return HttpResponseRedirect(settings.INDIVO_UI_SERVER_BASE + '/oauth/authorize?oauth_token=%s'
                                % request_token['oauth_token'])


def after_auth(request):
    # get the verifier from the URL parameters
    oauth_verifier = request.GET['oauth_verifier']

    # retrieve the request token stored in the session
    # (get_indivo_client loads request.session['token'] into the client)
    client = get_indivo_client(request)

    # exchange request token for access token
    access_token = parse_token_from_response(
        client.post_access_token(data={'oauth_verifier': oauth_verifier}))

    # store stuff in the session
    request.session['access_token'] = access_token

    # get record ID that came back with token
    request.session['record_id'] = access_token['xoauth_indivo_record_id']

    # go to list of problems
    return HttpResponseRedirect(reverse(problem_list))
3. REST API Calls
get data, e.g. problem list
web platform model

  Indivo Server  <-- Access Token -->  PHA
  User's Browser
from django.shortcuts import render   # template name used below is assumed


def problem_list(request):
    client = get_indivo_client(request)

    record_id = request.session['record_id']

    # get record information
    record_xml = client.read_record(record_id=record_id)

    # get problem list from most recent to oldest
    problems_xml = client.read_problems(record_id=record_id,
                                        parameters={'order_by': '-date_onset'})

    # the slide stops here; a view has to return a response (template name assumed)
    return render(request, 'problem_list.html',
                  {'record_xml': record_xml, 'problems_xml': problems_xml})


def new_problem(request):
    # get the variables and create a problem XML
    params = ...   # the problem fields, built from the submitted form
    problem_xml = render_raw('problem', params, type='xml')   # sample-app template helper

    # add the problem
    client = get_indivo_client(request)
    client.post_document(record_id=request.session['record_id'], data=problem_xml)

    # add a notification
    client.record_notify(record_id=request.session['record_id'],
                         data={'content': 'a new problem has been added to your problem list'})

    return HttpResponseRedirect(reverse(problem_list))
Other API calls

• get reports on labs, medications, allergies,
  immunizations, etc.
• get basic record information
• add documents, version them, etc.
• store application-specific data not visible to
  other apps (bookkeeping)
What about sharing?
• Carenets: a space for sharing, including
  documents, apps, and people
• An app can be started with a carenet_id
  instead of a record_id.
• The same API calls are available with a
  carenet_id, but may see only
  a subset of the data.
4. UI Widgets
Auto-Complete
import simplejson   # the standard-library json module works the same
from django.http import HttpResponse


def code_lookup(request):
    client = get_indivo_client(request)

    query = request.GET['query']

    # reformat this for the jQuery autocompleter
    codes = simplejson.loads(
        client.lookup_code(coding_system='umls-snomed', parameters={'q': query}))

    formatted_codes = {'query': query,
                       'suggestions': [c['full_value'] for c in codes],
                       'data': codes}

    return HttpResponse(simplejson.dumps(formatted_codes),
                        content_type="text/plain")   # mimetype= in the Django of 2010
Auto-Complete
<script src="jquery.js"></script>
<script src="jquery-ui.js"></script>
<script src="jquery.autocomplete.js"></script>

<script>
  $('#problem_fullname').autocomplete({
    serviceUrl: 'codelookup',
    minChars: 2,
    onSelect: function(value, data) {
      $('#problem_code').val(data.code);
    }
  });
</script>
Sharing & Audit


def one_problem(request, problem_id):
    ...
    surl_credentials = client.get_surl_credentials()
    ...
Sharing & Audit
<script src="{{SERVER_BASE}}/lib/widgets.js"></script>

<script>
  Indivo.setup('{{INDIVO_UI_SERVER_BASE}}');
</script>

<script>
  Indivo.Auth.setToken("{{token}}", "{{secret}}");

  Indivo.Widget.DocumentAccess.add('{{record_id}}', '{{problem_id}}');
</script>
Upcoming Features...
Background Apps


- most apps don’t need access
  beyond the user session
- we tie the oAuth token to the web session
  ... unless the user authorizes more
Summary

- your app is activated for each record
- do the oAuth dance, get an access token
- write to the input of the data pipeline,
   read from the end of the data pipeline,
   all simple REST+oAuth calls
- use built-in widgets to get advanced functionality

More Related Content

What's hot

Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Jonathan LeBlanc
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthfossmy
 
T28 implementing adfs and hybrid share point
T28   implementing adfs and hybrid share point T28   implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Danny Jessee
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 

What's hot (12)

Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuth
 
T28 implementing adfs and hybrid share point
T28   implementing adfs and hybrid share point T28   implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
Intro to Apache Shiro
Intro to Apache ShiroIntro to Apache Shiro
Intro to Apache Shiro
 
SAML 101
SAML 101SAML 101
SAML 101
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 

Viewers also liked

Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable votingBen Adida
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable ElectionsBen Adida
 
Smart-Indivo App Challenge Webinar
Smart-Indivo App Challenge WebinarSmart-Indivo App Challenge Webinar
Smart-Indivo App Challenge Webinarhealth2dev
 
Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsBen Adida
 
Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X OverviewBen Adida
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingBen Adida
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and VotingBen Adida
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security OverviewBen Adida
 

Viewers also liked (10)

Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable voting
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable Elections
 
Smart-Indivo App Challenge Webinar
Smart-Indivo App Challenge WebinarSmart-Indivo App Challenge Webinar
Smart-Indivo App Challenge Webinar
 
Secure Voting
Secure VotingSecure Voting
Secure Voting
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit Voting
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
 
Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X Overview
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit Voting
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and Voting
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security Overview
 

Similar to How to Build an Indivo X Personal Health App

CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2scotttomilson
 
Authentication
AuthenticationAuthentication
Authenticationsoon
 
OAuth 2.0 and Library
OAuth 2.0 and LibraryOAuth 2.0 and Library
OAuth 2.0 and LibraryKenji Otsuka
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxChanna Ly
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Nino Ho
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsJeff Fontas
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Dejan Glozic
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Aaron Parecki
 

Similar to How to Build an Indivo X Personal Health App (20)

CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
 
Authentication
AuthenticationAuthentication
Authentication
 
OAuth 2.0 and Library
OAuth 2.0 and LibraryOAuth 2.0 and Library
OAuth 2.0 and Library
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native Apps
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
O auth2.0 guide
O auth2.0 guideO auth2.0 guide
O auth2.0 guide
 
Api security
Api security Api security
Api security
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your Application
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
 

Recently uploaded

Report Back from SGO: What’s the Latest in Ovarian Cancer?
Report Back from SGO: What’s the Latest in Ovarian Cancer?Report Back from SGO: What’s the Latest in Ovarian Cancer?
Report Back from SGO: What’s the Latest in Ovarian Cancer?bkling
 
CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...
CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...
CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...ocean4396
 
Cytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose Academics
Cytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose AcademicsCytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose Academics
Cytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose AcademicsMedicoseAcademics
 
Treatment Choices for Slip Disc at Gokuldas Hospital
Treatment Choices for Slip Disc at Gokuldas HospitalTreatment Choices for Slip Disc at Gokuldas Hospital
Treatment Choices for Slip Disc at Gokuldas HospitalGokuldas Hospital
 
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...marcuskenyatta275
 
CAD CAM DENTURES IN PROSTHODONTICS : Dental advancements
CAD CAM DENTURES IN PROSTHODONTICS : Dental advancementsCAD CAM DENTURES IN PROSTHODONTICS : Dental advancements
CAD CAM DENTURES IN PROSTHODONTICS : Dental advancementsNaveen Gokul Dr
 
Capillary Blood Collection Tubes: The Complete Guidebook
Capillary Blood Collection Tubes: The Complete GuidebookCapillary Blood Collection Tubes: The Complete Guidebook
Capillary Blood Collection Tubes: The Complete GuidebookNanchang Kindly Meditech
 
Mgr university bsc nursing adult health previous question paper with answers
Mgr university  bsc nursing adult health previous question paper with answersMgr university  bsc nursing adult health previous question paper with answers
Mgr university bsc nursing adult health previous question paper with answersShafnaP5
 
Overview on the Automatic pill identifier
Overview on the Automatic pill identifierOverview on the Automatic pill identifier
Overview on the Automatic pill identifierNidhi Joshi
 
Dermatome and myotome test & pathology.pdf
Dermatome and myotome test & pathology.pdfDermatome and myotome test & pathology.pdf
Dermatome and myotome test & pathology.pdfniloofarbarzegari76
 
Tips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES examTips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES examJunhao Koh
 
Bangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door Step
Bangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door StepBangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door Step
Bangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door Stepdarmandersingh4580
 
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...marcuskenyatta275
 
Gait deviations in Transtibial prosthesis users
Gait deviations in Transtibial prosthesis usersGait deviations in Transtibial prosthesis users
Gait deviations in Transtibial prosthesis usersJoe Antony
 
Gallbladder Double-Diverticular: A Case Report المرارة مزدوجة التج: تقرير حالة
Gallbladder Double-Diverticular: A Case Report  المرارة مزدوجة التج: تقرير حالةGallbladder Double-Diverticular: A Case Report  المرارة مزدوجة التج: تقرير حالة
Gallbladder Double-Diverticular: A Case Report المرارة مزدوجة التج: تقرير حالةMohamad محمد Al-Gailani الكيلاني
 
ESC HF 2024 Spotlights Day-2.pptx heart failure
ESC HF 2024 Spotlights Day-2.pptx heart failureESC HF 2024 Spotlights Day-2.pptx heart failure
ESC HF 2024 Spotlights Day-2.pptx heart failuremahiavy26
 
Failure to thrive in neonates and infants + pediatric case.pptx
Failure to thrive in neonates and infants  + pediatric case.pptxFailure to thrive in neonates and infants  + pediatric case.pptx
Failure to thrive in neonates and infants + pediatric case.pptxclaviclebrown44
 
Varicose Veins Treatment Aftercare Tips by Gokuldas Hospital
Varicose Veins Treatment Aftercare Tips by Gokuldas HospitalVaricose Veins Treatment Aftercare Tips by Gokuldas Hospital
Varicose Veins Treatment Aftercare Tips by Gokuldas HospitalGokuldas Hospital
 

Recently uploaded (20)

Report Back from SGO: What’s the Latest in Ovarian Cancer?
Report Back from SGO: What’s the Latest in Ovarian Cancer?Report Back from SGO: What’s the Latest in Ovarian Cancer?
Report Back from SGO: What’s the Latest in Ovarian Cancer?
 
CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...
CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...
CAS 110-63-4 BDO Liquid 1,4-Butanediol 1 4 BDO Warehouse Supply For Excellent...
 
Cytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose Academics
Cytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose AcademicsCytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose Academics
Cytoskeleton and Cell Inclusions - Dr Muhammad Ali Rabbani - Medicose Academics
 
Treatment Choices for Slip Disc at Gokuldas Hospital
Treatment Choices for Slip Disc at Gokuldas HospitalTreatment Choices for Slip Disc at Gokuldas Hospital
Treatment Choices for Slip Disc at Gokuldas Hospital
 
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
 
In Kuwait Abortion pills (+918133066128)@Safe abortion pills in Kuwait City
In Kuwait Abortion pills (+918133066128)@Safe abortion pills in Kuwait CityIn Kuwait Abortion pills (+918133066128)@Safe abortion pills in Kuwait City
In Kuwait Abortion pills (+918133066128)@Safe abortion pills in Kuwait City
 
Best medicine 100% Effective&Safe Mifepristion ௵+918133066128௹Abortion pills ...
Best medicine 100% Effective&Safe Mifepristion ௵+918133066128௹Abortion pills ...Best medicine 100% Effective&Safe Mifepristion ௵+918133066128௹Abortion pills ...
Best medicine 100% Effective&Safe Mifepristion ௵+918133066128௹Abortion pills ...
 
CAD CAM DENTURES IN PROSTHODONTICS : Dental advancements
CAD CAM DENTURES IN PROSTHODONTICS : Dental advancementsCAD CAM DENTURES IN PROSTHODONTICS : Dental advancements
CAD CAM DENTURES IN PROSTHODONTICS : Dental advancements
 
Capillary Blood Collection Tubes: The Complete Guidebook
Capillary Blood Collection Tubes: The Complete GuidebookCapillary Blood Collection Tubes: The Complete Guidebook
Capillary Blood Collection Tubes: The Complete Guidebook
 
Mgr university bsc nursing adult health previous question paper with answers
Mgr university  bsc nursing adult health previous question paper with answersMgr university  bsc nursing adult health previous question paper with answers
Mgr university bsc nursing adult health previous question paper with answers
 
Overview on the Automatic pill identifier
Overview on the Automatic pill identifierOverview on the Automatic pill identifier
Overview on the Automatic pill identifier
 
Dermatome and myotome test & pathology.pdf
Dermatome and myotome test & pathology.pdfDermatome and myotome test & pathology.pdf
Dermatome and myotome test & pathology.pdf
 
Tips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES examTips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES exam
 
Bangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door Step
Bangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door StepBangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door Step
Bangalore whatsapp Number Just VIP Brookefield 100% Genuine at your Door Step
 
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
 
Gait deviations in Transtibial prosthesis users
Gait deviations in Transtibial prosthesis usersGait deviations in Transtibial prosthesis users
Gait deviations in Transtibial prosthesis users
 
Gallbladder Double-Diverticular: A Case Report المرارة مزدوجة التج: تقرير حالة
Gallbladder Double-Diverticular: A Case Report  المرارة مزدوجة التج: تقرير حالةGallbladder Double-Diverticular: A Case Report  المرارة مزدوجة التج: تقرير حالة
Gallbladder Double-Diverticular: A Case Report المرارة مزدوجة التج: تقرير حالة
 
ESC HF 2024 Spotlights Day-2.pptx heart failure
ESC HF 2024 Spotlights Day-2.pptx heart failureESC HF 2024 Spotlights Day-2.pptx heart failure
ESC HF 2024 Spotlights Day-2.pptx heart failure
 
Failure to thrive in neonates and infants + pediatric case.pptx
Failure to thrive in neonates and infants  + pediatric case.pptxFailure to thrive in neonates and infants  + pediatric case.pptx
Failure to thrive in neonates and infants + pediatric case.pptx
 
Varicose Veins Treatment Aftercare Tips by Gokuldas Hospital
Varicose Veins Treatment Aftercare Tips by Gokuldas HospitalVaricose Veins Treatment Aftercare Tips by Gokuldas Hospital
Varicose Veins Treatment Aftercare Tips by Gokuldas Hospital
 

How to Build an Indivo X Personal Health App

  • 1. How to build an Indivo X Personal Health App. Ben Adida, Indivo X Users Meeting, 15 April 2010
  • 3. Four Steps
      1. Scope and framing of your app
      2. Authentication and Authorization
      3. REST API calls
      4. UI widgets
  • 4. Basic Terminology
      • Account
      • Record
      • PHA / User App
      • Admin App
      • (Chrome App)
  • 5. 1. Scope: Screen Real-Estate controlled by PHA
  • 7. Anatomy of a PHA
      • name: “Problems”
      • description: “track your problems”
      • principal email: problems@apps.indivo.org
      • data use agreement: what the app intends to do with the data it reads from the record.
      • start URL: http://problems/auth/start
      • post-auth URL: http://problems/auth/after
      • consumer key: 838xdnwk-sdf-werkj34
      • consumer secret: 23lnbls-235lnsdf-2343
  • 9. Components (diagram: Indivo Server, PHA and User's Browser, with the Access Token between the Indivo Server and the PHA)
  • 10. OAuth Protocol (diagram: the PHA (Consumer) holds consumer_token and consumer_secret and talks to the Indivo Server (Data Service) over signed HTTP+POX; authentication runs between the Indivo Server and the User's Browser; signature methods HMAC-SHA1, RSA-SHA1, ....)
  • 11. With the first click...
  • 12. begin the auth process: IFRAME directed to the PHA’s start URL with parameter record_id
  • 13. Connection Step (1) (sequence diagram): User's Browser → PHA: add; PHA → Indivo Server: GET request_token; Indivo Server → PHA: token; PHA → User's Browser: REDIRECT authorize
  • 15. Connection Step (2), Authorization Process (sequence diagram): User's Browser → Indivo Server: authorize (following the REDIRECT); the user authorizes the app; Indivo Server → User's Browser: post-add
  • 16. redirect to app: IFRAME directed to the PHA’s post-auth URL which finishes the oAuth process
  • 17. Connection Step (3) (sequence diagram): User's Browser → PHA: post-add; PHA → Indivo Server: GET access_token; Indivo Server → PHA: token
  • 18. Interaction Phase (sequence diagram): PHA → Indivo Server: GET data (signed with the token); Indivo Server → PHA: data
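The three connection steps and the interaction phase on slides 13 to 18, as an added example that is not from the slides and not Indivo's server code: a toy in-memory token server in Python that binds a request token to the record_id the app was launched with, lets only an account owning that record authorize it, hands back a single-use verifier, issues an access token carrying xoauth_indivo_record_id, and refuses data calls for any other record. The class and method names, the consumer registry shape, the request-token lifetime and the sample values are all constructed for this illustration.

```python
import secrets
import time


class ToyIndivoTokenServer:
    """In-memory model of request token -> authorize -> access token -> data call.
    Constructed for illustration; not the Indivo server's implementation."""

    REQUEST_TOKEN_TTL = 600  # seconds a request token may wait for approval (assumed value)

    def __init__(self, consumers, now=time.time):
        self.consumers = consumers      # consumer_key -> consumer_secret (assumed registry shape)
        self.now = now                  # injectable clock so expiry can be tested
        self.request_tokens = {}        # request token -> state
        self.access_tokens = {}         # access token -> state

    # Step (1): the PHA's start URL asks for a request token for the record it was launched with.
    def post_request_token(self, consumer_key, record_id):
        if consumer_key not in self.consumers:
            raise PermissionError("unknown consumer key")
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {
            "consumer_key": consumer_key, "record_id": record_id,
            "secret": secrets.token_urlsafe(24), "issued": self.now(),
            "account": None, "verifier": None,
        }
        return {"oauth_token": token, "oauth_token_secret": self.request_tokens[token]["secret"]}

    # Step (2): the user, logged in to the Indivo UI server, approves the app for that record.
    def authorize(self, account, owned_records, request_token):
        state = self.request_tokens.get(request_token)
        if state is None or self.now() - state["issued"] > self.REQUEST_TOKEN_TTL:
            raise PermissionError("request token missing or expired")
        if state["record_id"] not in owned_records:
            raise PermissionError("account does not own the requested record")
        if state["account"] is not None:
            raise PermissionError("request token already authorized")
        state["account"] = account
        state["verifier"] = secrets.token_urlsafe(12)
        return state["verifier"]   # reaches the PHA's post-auth URL as oauth_verifier

    # Step (3): the post-auth URL swaps the authorized request token for an access token.
    def post_access_token(self, consumer_key, request_token, verifier):
        state = self.request_tokens.get(request_token)
        if state is None or state["consumer_key"] != consumer_key or state["account"] is None:
            raise PermissionError("request token not authorized for this consumer")
        if not secrets.compare_digest(state["verifier"].encode(), verifier.encode()):
            raise PermissionError("verifier mismatch")
        del self.request_tokens[request_token]   # single use: a replayed exchange fails
        token = secrets.token_urlsafe(16)
        self.access_tokens[token] = {"consumer_key": consumer_key,
                                     "record_id": state["record_id"],
                                     "secret": secrets.token_urlsafe(24),
                                     "account": state["account"]}
        return {"oauth_token": token,
                "oauth_token_secret": self.access_tokens[token]["secret"],
                "xoauth_indivo_record_id": state["record_id"]}

    # Interaction phase: a data call is served only for the record the token was issued for.
    def read_problems(self, consumer_key, access_token, record_id):
        state = self.access_tokens.get(access_token)
        if state is None or state["consumer_key"] != consumer_key:
            raise PermissionError("unknown access token")
        if state["record_id"] != record_id:
            raise PermissionError("access token is scoped to a different record")
        return f"<Problems record='{record_id}'/>"   # stand-in for the real problem list XML


def run_flow(server, consumer_key, account, owned_records, record_id):
    """Walk the happy path once and return the access token response."""
    rt = server.post_request_token(consumer_key, record_id)
    verifier = server.authorize(account, owned_records, rt["oauth_token"])
    return server.post_access_token(consumer_key, rt["oauth_token"], verifier)


def rejects(call, *args):
    """True when the server refuses the call with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    srv = ToyIndivoTokenServer({"problems-consumer-key": "problems-consumer-secret"})
    at = run_flow(srv, "problems-consumer-key", "alice@example.org", {"rec-1"}, "rec-1")
    print(srv.read_problems("problems-consumer-key", at["oauth_token"], at["xoauth_indivo_record_id"]))
```

The record binding is the point: the record_id arrives with the request token in Step (1), the approval in Step (2) is checked against the records the logged-in account owns, and the access token that comes back in Step (3) is usable for that one record only.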
  • 19. OAuth Request
      Authorization: OAuth realm="https://indivohealth.org/",
          oauth_consumer_key="0685bd9184jfhq22",
          oauth_signature_method="HMAC-SHA1",
          oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
          oauth_timestamp="137131200",
          oauth_nonce="4572616e48616d6d65724c61686176",
          oauth_version="1.0"
  • 20. The code must be awfully complicated ...
  • 21.
      def get_indivo_client(request, with_token=True):
          client = IndivoClient(CONSUMER_KEY, CONSUMER_SECRET, INDIVO_SERVER_LOCATION)
          if with_token:
              client.update_token(request.session['token'])
          return client
  • 22.
      def start_auth(request):
          client = get_indivo_client(request, with_token=False)

          # do we have a record_id?
          record_id = request.GET.get('record_id', None)

          # prepare request token parameters
          params = {'record_id': record_id}

          # request a request token
          request_token = parse_token_from_response(
              client.post_request_token(data=params))

          # store the request token in the session
          request.session['token'] = request_token

          # redirect to the UI server
          return HttpResponseRedirect(
              settings.INDIVO_UI_SERVER_BASE + '/oauth/authorize?oauth_token=%s'
              % request_token['oauth_token'])
  • 23.
      def after_auth(request):
          # get the token and verifier from the URL parameters
          oauth_verifier = request.GET['oauth_verifier']

          # retrieve request token stored in the session
          client = get_indivo_client(...)

          # exchange request token for access token
          access_token = parse_token_from_response(
              client.post_access_token(data={'oauth_verifier': oauth_verifier}))

          # store stuff in the session
          request.session['access_token'] = access_token

          # get record ID that came back with token
          request.session['record_id'] = access_token['xoauth_indivo_record_id']

          # go to list of problems
          return HttpResponseRedirect(reverse(problem_list))
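The signed request of slide 19 and the HMAC-SHA1 method of slide 10, worked through as an added example (not the deck's code and not the IndivoClient library the slides call): signing a request on the PHA side per RFC 5849 and checking it on the data-service side. The verifier recomputes the signature over the request as actually received, enforces a timestamp window, and accepts each (consumer key, timestamp, nonce) triple only once, so a captured header cannot be replayed or re-used against a different path or parameter set. The realm is the one shown on slide 19; the function and class names, the secret registries, the 300-second window and the in-memory nonce set are constructed for this example.

```python
import base64
import hashlib
import hmac
import secrets
import time
import urllib.parse


def oauth_escape(value):
    """RFC 5849 percent-encoding: only unreserved characters stay bare."""
    return urllib.parse.quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD&encode(url)&encode(sorted k=v pairs); `params` holds query, form
    and oauth_* parameters together, minus oauth_signature."""
    pairs = sorted((oauth_escape(k), oauth_escape(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), oauth_escape(url), oauth_escape(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    # Key is consumer_secret&token_secret; token_secret is empty while the PHA
    # is still fetching its request token (Connection Step 1).
    key = f"{oauth_escape(consumer_secret)}&{oauth_escape(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, params, consumer_key, consumer_secret, token=None,
                 token_secret="", nonce=None, timestamp=None, realm="https://indivohealth.org/"):
    """PHA (consumer) side: build the Authorization header for one request."""
    oauth_params = {
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    if token:
        oauth_params["oauth_token"] = token
    base = signature_base_string(method, url, {**params, **oauth_params})
    oauth_params["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    fields = ", ".join(f'{k}="{oauth_escape(v)}"' for k, v in sorted(oauth_params.items()))
    return f'OAuth realm="{realm}", {fields}'


def parse_authorization_header(header):
    scheme, _, rest = header.partition(" ")
    if scheme != "OAuth":
        return None
    fields = {}
    for part in rest.split(","):
        key, _, value = part.strip().partition("=")
        fields[key] = urllib.parse.unquote(value.strip('"'))
    return fields


class OAuthVerifier:
    """Data-service side: recompute the signature over the request as received,
    then enforce a timestamp window and single use of each nonce."""

    def __init__(self, consumer_secrets, token_secrets, window=300, now=time.time):
        self.consumer_secrets = consumer_secrets   # consumer_key -> consumer secret
        self.token_secrets = token_secrets         # oauth_token -> token secret
        self.window = window
        self.now = now
        self.seen = set()   # (consumer_key, timestamp, nonce); in-memory stand-in for a real store

    def verify(self, method, url, params, header):
        fields = parse_authorization_header(header)
        if not fields or fields.get("oauth_signature_method") != "HMAC-SHA1":
            return False
        fields.pop("realm", None)                  # realm is not part of the signature
        presented = fields.pop("oauth_signature", None)
        consumer_secret = self.consumer_secrets.get(fields.get("oauth_consumer_key"))
        if presented is None or consumer_secret is None:
            return False
        token_secret = ""
        if "oauth_token" in fields:
            token_secret = self.token_secrets.get(fields["oauth_token"])
            if token_secret is None:
                return False
        try:
            ts = int(fields["oauth_timestamp"])
        except (KeyError, ValueError):
            return False
        if abs(self.now() - ts) > self.window:
            return False
        replay_key = (fields["oauth_consumer_key"], ts, fields.get("oauth_nonce"))
        if replay_key in self.seen:
            return False
        expected = hmac_sha1_signature(signature_base_string(method, url, {**params, **fields}),
                                       consumer_secret, token_secret)
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            return False
        self.seen.add(replay_key)                  # record only after a good signature
        return True
```

Two details matter for the checks on the server side: the nonce is recorded only after the signature verifies, so a forged header cannot be used to burn a nonce a legitimate client is about to send, and the comparison of the presented signature is constant-time.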
  • 24. 3. REST API Calls
  • 25. get data, e.g. problem list
  • 26. web platform model (diagram: Indivo Server, PHA and User's Browser, with the Access Token between the Indivo Server and the PHA)
  • 27.
      def problem_list(request):
          client = get_indivo_client(request)
          record_id = request.session['record_id']

          # get record information
          record_xml = client.read_record(record_id=record_id)

          # get problem list from most recent to oldest
          problems_xml = client.read_problems(record_id=record_id,
                                              parameters={'order_by': '-date_onset'})
  • 28.
      def new_problem(request):
          # get the variables and create a problem XML
          params = ...
          problem_xml = render_raw('problem', params, type='xml')

          # add the problem
          client = get_indivo_client(request)
          client.post_document(record_id=request.session['record_id'], data=problem_xml)

          # add a notification
          client.record_notify(record_id=request.session['record_id'],
                               data={'content': 'a new problem has been added to your problem list'})

          return HttpResponseRedirect(reverse(problem_list))
  • 29. Other API calls
      • get reports on labs, medications, allergies, immunizations, etc.
      • get basic record information
      • add documents, version them, etc.
      • store application-specific data not visible to other apps (bookkeeping)
  • 30. What about sharing?
      • Carenets: a space for sharing, including documents, apps, and people
      • An app can be started with a carenet_id instead of a record_id.
      • The same API calls are available with a carenet_id, but may see only a subset of the data.
  • 33. Auto-Complete
      def code_lookup(request):
          client = get_indivo_client(request)
          query = request.GET['query']

          # reformat this for the jQuery autocompleter
          codes = simplejson.loads(
              client.lookup_code(coding_system='umls-snomed',
                                 parameters={'q': query}))
          formatted_codes = {'query': query,
                             'suggestions': [c['full_value'] for c in codes],
                             'data': codes}
          return HttpResponse(simplejson.dumps(formatted_codes), mimetype="text/plain")
  • 34. Auto-Complete
      <script src="jquery.js"></script>
      <script src="jquery-ui.js"></script>
      <script src="jquery.autocomplete.js"></script>
      <script>
        $('#problem_fullname').autocomplete({
          serviceUrl: 'codelookup',
          minChars: 2,
          onSelect: function(value, data) {
            $('#problem_code').val(data.code);
          }
        });
      </script>
  • 35. Sharing & Audit
      def one_problem(request, problem_id):
          ...
          surl_credentials = client.get_surl_credentials()
          ...
  • 36. Sharing & Audit
      <script src="{{SERVER_BASE}}/lib/widgets.js"></script>
      <script>
        Indivo.setup('{{INDIVO_UI_SERVER_BASE}}');
      </script>
      <script>
        Indivo.Auth.setToken("{{token}}", "{{secret}}");
        Indivo.Widget.DocumentAccess.add('{{record_id}}', '{{problem_id}}');
      </script>
  • 38. Background Apps
      - most apps don’t need access beyond the user session
      - we tie the oAuth token to the web session ... unless the user authorizes more
  • 39. Summary
      - your app is activated for each record
      - do the oAuth dance, get an access token
      - write to the input of the data pipeline, read from the end of the data pipeline, all simple REST+oAuth calls
      - use built-in widgets to get advanced functionality