How to build an Indivo X Personal Health App
Ben Adida

Indivo X Users Meeting
15 April 2010
Demo
Four Steps

1. Scope and framing of your app
2. Authentication and Authorization
3. REST API calls
4. UI widgets
Basic Terminology

• Account
• Record
• PHA / User App
• Admin App
• (Chrome App)
1. Scope


  Screen Real-Estate
  controlled by PHA
For Example
Anatomy of a PHA
• name: “Problems”
• description: “track your problems”
• principal email: problems@apps.indivo.org
• data use agreement: what the app intends to do with the data it reads from the record.
• start URL: http://problems/auth/start
• post-auth URL: http://problems/auth/after
• consumer key: 838xdnwk-sdf-werkj34
• consumer secret: 23lnbls-235lnsdf-2343
2. Auth
Components
[Diagram: Indivo Server, PHA, User's Browser; label: Access Token]
OAuth Protocol
[Diagram: Indivo Server (Data Service) and PHA (Consumer), linked by signed HTTP+POX; the PHA holds consumer_token and consumer_secret; signature methods: HMAC-SHA1, RSA-SHA1, ....; User's Browser, labelled authentication]
With the first click...
begin the auth process



           IFRAME directed to
           the PHA’s start URL
        with parameter record_id
Connection Step (1)
[Sequence diagram. Participants: User's Browser, Indivo Server, PHA. Messages, in order: add; GET request_token; token; REDIRECT authorize]
authorize the app
Connection Step (2)
[Sequence diagram. Participants: User's Browser, Indivo Server, PHA. Messages, in order: REDIRECT authorize; Authorization Process; post-add]
redirect to app



         IFRAME directed to
      the PHA’s post-auth URL
   which finishes the oAuth process
Connection Step (3)
[Sequence diagram. Participants: User's Browser, Indivo Server, PHA. Messages, in order: post-add; GET access_token; token]
Interaction Phase
[Sequence diagram. Participants: User's Browser, Indivo Server, PHA. Messages, in order: token; GET data; data]
OAuth Request
Authorization: OAuth realm="https://indivohealth.org/",
     oauth_consumer_key="0685bd9184jfhq22",
     oauth_signature_method="HMAC-SHA1",
     oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
     oauth_timestamp="137131200",
     oauth_nonce="4572616e48616d6d65724c61686176",
     oauth_version="1.0"
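How the oauth_signature value in a header like the one above is derived with HMAC-SHA1, and what the receiving server has to check before trusting the request. This is an added example, not code from the slides or from Indivo. The secrets, the indivo.example URL, the access token value and all function names are constructed for illustration, and duplicate parameter names are not handled.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote


def pct(value):
    """OAuth 1.0 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string.

    `url` is assumed to be already normalized (lowercase scheme and host,
    no query string); query parameters belong in `params`.
    """
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k not in ("oauth_signature", "realm"))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def verify(method, url, params, consumer_secret, token_secret, seen,
           now=None, max_skew=300):
    """Server-side check. Returns "ok" or the reason for rejection.

    `seen` is the server's set of already used (consumer, timestamp, nonce)
    triples; a real server would expire entries older than max_skew.
    """
    now = time.time() if now is None else now
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        return "unsupported signature method"
    try:
        timestamp = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return "bad timestamp"
    if abs(now - timestamp) > max_skew:
        return "stale timestamp"

    expected = sign(method, url, params, consumer_secret, token_secret)
    supplied = params.get("oauth_signature", "")
    # Constant-time comparison, and done before touching the nonce store so
    # that callers without the secret cannot fill it with junk.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "bad signature"

    nonce_id = (params.get("oauth_consumer_key"), timestamp,
                params.get("oauth_nonce"))
    if nonce_id in seen:
        return "replayed nonce"
    seen.add(nonce_id)
    return "ok"


def demo():
    """Sign one constructed request, then replay, tamper with and age it."""
    secret, token_secret = "constructed-consumer-secret", "constructed-token-secret"
    url = "https://indivo.example/records/123/problems"  # hypothetical URL
    params = {
        "oauth_consumer_key": "0685bd9184jfhq22",
        "oauth_token": "constructed-access-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "137131200",
        "oauth_nonce": "4572616e48616d6d65724c61686176",
        "oauth_version": "1.0",
        "order_by": "-date_onset",
    }
    params["oauth_signature"] = sign("GET", url, params, secret, token_secret)

    seen, now = set(), 137131230  # server clock 30 seconds after the request
    tampered = dict(params, order_by="date_onset", oauth_nonce="another-nonce")
    return [
        verify("GET", url, params, secret, token_secret, seen, now),
        verify("GET", url, params, secret, token_secret, seen, now),
        verify("GET", url, tampered, secret, token_secret, seen, now),
        verify("GET", url, params, secret, token_secret, set(), now + 3600),
    ]


if __name__ == "__main__":
    print(demo())
```

Because every request parameter is part of the base string, changing order_by after signing invalidates the signature even when a fresh nonce is supplied.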
The code must be
awfully complicated ...
def get_indivo_client(request, with_token=True):
  client = IndivoClient(CONSUMER_KEY,
                        CONSUMER_SECRET,
                        INDIVO_SERVER_LOCATION)

  if with_token:
    client.update_token(request.session['token'])

  return client
from django.conf import settings
from django.http import HttpResponseRedirect

def start_auth(request):
  client = get_indivo_client(request, with_token=False)

  # do we have a record_id?
  record_id = request.GET.get('record_id', None)

  # prepare request token parameters
  params = {'record_id': record_id}

  # request a request token
  request_token = parse_token_from_response(
      client.post_request_token(data=params))

  # store the request token in the session
  request.session['token'] = request_token

  # redirect to the UI server
  return HttpResponseRedirect(
      settings.INDIVO_UI_SERVER_BASE +
      '/oauth/authorize?oauth_token=%s' % request_token['oauth_token'])
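from django.core.urlresolvers import reverse  # django.urls in Django 2.0+

def after_auth(request):
  # get the token and verifier from the URL parameters
  oauth_token = request.GET['oauth_token']
  oauth_verifier = request.GET['oauth_verifier']

  # retrieve request token stored in the session
  # (with_token defaults to True, so the client picks up request.session['token'])
  client = get_indivo_client(request)

  # exchange request token for access token
  access_token = parse_token_from_response(
      client.post_access_token(data={'oauth_verifier': oauth_verifier}))

  # store stuff in the session
  request.session['access_token'] = access_token
  # get_indivo_client() reads request.session['token'], so later API calls
  # must find the access token there rather than the spent request token
  request.session['token'] = access_token

  # get record ID that came back with token
  request.session['record_id'] = access_token['xoauth_indivo_record_id']

  # go to list of problems
  return HttpResponseRedirect(reverse(problem_list))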
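The post-auth step above trusts whatever arrives on the callback URL. The following added example (not from the slides or from Indivo) shows the checks that bind the callback to the session that started the flow: the request token is single use, the returned oauth_token must match it, and the verifier must be present. It is framework-free; the exchange callable, the CallbackError class and all token values are hypothetical stand-ins, the session keys follow the slides, and a record-scoped launch is assumed.

```python
import hmac


class CallbackError(Exception):
    """Raised when the post-auth callback does not match this session."""


def finish_authorization(session, query, exchange):
    """Validate the callback, then trade the request token for an access token.

    session  -- dict-like web session (request.session on the slides)
    query    -- callback URL parameters (request.GET on the slides)
    exchange -- hypothetical callable(request_token, verifier) returning the
                access-token dict; stands in for the client call and parsing
    """
    # Single use: the request token leaves the session whatever happens next,
    # so a replayed or failed callback cannot retry the exchange.
    pending = session.pop("token", None)
    if not pending:
        raise CallbackError("no authorization in progress for this session")

    returned = query.get("oauth_token", "")
    verifier = query.get("oauth_verifier", "")
    if not verifier:
        raise CallbackError("missing oauth_verifier")
    # The callback must refer to the request token this session started with.
    if not hmac.compare_digest(pending["oauth_token"].encode(),
                               returned.encode()):
        raise CallbackError("oauth_token does not match this session")

    access = exchange(pending, verifier)
    # Record-scoped launch assumed; a carenet launch would carry a
    # different identifier.
    record_id = access.get("xoauth_indivo_record_id")
    if not record_id:
        raise CallbackError("access token is not bound to a record")

    session["access_token"] = access
    session["record_id"] = record_id
    return record_id


def demo():
    """Run constructed callbacks through the check; returns each outcome."""
    def exchange(request_token, verifier):  # constructed stand-in for the server
        return {"oauth_token": "acc-1", "oauth_token_secret": "acc-secret",
                "xoauth_indivo_record_id": "rec-42"}

    def attempt(session, query):
        try:
            return finish_authorization(session, query, exchange)
        except CallbackError as err:
            return str(err)

    def fresh():
        return {"token": {"oauth_token": "req-1", "oauth_token_secret": "s"}}

    good = {"oauth_token": "req-1", "oauth_verifier": "v-1"}
    session = fresh()
    return [
        attempt(session, good),                    # genuine callback
        attempt(session, good),                    # same callback replayed
        attempt(fresh(), {"oauth_token": "req-9",  # token from another flow
                          "oauth_verifier": "v-9"}),
        attempt(fresh(), {"oauth_token": "req-1"}),  # verifier stripped
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```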
3. REST API Calls
get data, e.g. problem list
web platform model
[Diagram: Indivo Server, PHA, User's Browser; label: Access Token]
def problem_list(request):
  client = get_indivo_client(request)

  record_id = request.session['record_id']

  # get record information
  record_xml = client.read_record(record_id=record_id)

  # get problem list from most recent to oldest
  problems_xml = client.read_problems(
      record_id=record_id, parameters={'order_by': '-date_onset'})
def new_problem(request):
  # get the variables and create a problem XML
  params = ...
  problem_xml = render_raw('problem', params, type='xml')

  # add the problem
  client = get_indivo_client(request)
  client.post_document(record_id=request.session['record_id'],
                       data=problem_xml)

  # add a notification
  client.record_notify(
      record_id=request.session['record_id'],
      data={'content': 'a new problem has been added to your problem list'})

  return HttpResponseRedirect(reverse(problem_list))
Other API calls

• get reports on labs, medications, allergies,
  immunizations, etc.
• get basic record information
• add documents, version them, etc.
• store application-specific data not visible to
  other apps (bookkeeping)
What about sharing?
• Carenets: a space for sharing, including
  documents, apps, and people
• An app can be started with a carenet_id
  instead of a record_id.
• The same API calls are available with a
  carenet_id, but may see only
  a subset of the data.
4. UI Widgets
Auto-Complete
Auto-Complete
import simplejson
from django.http import HttpResponse

def code_lookup(request):
    client = get_indivo_client(request)

    query = request.GET['query']

    # reformat this for the jQuery autocompleter
    codes = simplejson.loads(
      client.lookup_code(
        coding_system='umls-snomed',
        parameters={'q': query}))

    formatted_codes = {'query': query,
                       'suggestions': [c['full_value'] for c in codes],
                       'data': codes}

    return HttpResponse(simplejson.dumps(formatted_codes),
                        mimetype="text/plain")
Auto-Complete
    <script src="jquery.js"></script>
    <script src="jquery-ui.js"></script>
    <script src="jquery.autocomplete.js"></script>


<script>
  $('#problem_fullname').autocomplete({
    serviceUrl: 'codelookup',
    minChars: 2,
    onSelect: function(value, data) {
      $('#problem_code').val(data.code);
    }
  });
</script>
Sharing & Audit


def one_problem(request, problem_id):
  ...
  surl_credentials = client.get_surl_credentials()
  ...
Sharing & Audit
<script src="{{SERVER_BASE}}/lib/widgets.js"></script>

<script>
  Indivo.setup('{{INDIVO_UI_SERVER_BASE}}');
</script>

<script>
Indivo.Auth.setToken("{{token}}","{{secret}}");

Indivo.Widget.DocumentAccess.add('{{record_id}}',
'{{problem_id}}');
</script>
Upcoming Features...
Background Apps


- most apps don’t need access
  beyond the user session
- we tie the oAuth token to the web session
  ... unless the user authorizes more
Summary

- your app is activated for each record
- do the oAuth dance, get an access token
- write to the input of the data pipeline,
   read from the end of the data pipeline,
   all simple REST+oAuth calls
- use built-in widgets to get advanced functionality

More Related Content

What's hot

Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
Steve Ivy
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
Jonathan LeBlanc
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Joris Poelmans
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
Mika Koivisto
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuth
fossmy
 
T28 implementing adfs and hybrid share point
T28   implementing adfs and hybrid share point T28   implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point
Thorbjørn Værp
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
Danny Jessee
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
Dan Brinkmann
 
Intro to Apache Shiro
Intro to Apache ShiroIntro to Apache Shiro
Intro to Apache Shiro
Claire Hunsaker
 
SAML 101
SAML 101SAML 101
SAML 101
Echoworx
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 

What's hot (12)

Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuth
 
T28 implementing adfs and hybrid share point
T28   implementing adfs and hybrid share point T28   implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
Intro to Apache Shiro
Intro to Apache ShiroIntro to Apache Shiro
Intro to Apache Shiro
 
SAML 101
SAML 101SAML 101
SAML 101
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 

Viewers also liked

Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable voting
Ben Adida
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable Elections
Ben Adida
 
Smart-Indivo App Challenge Webinar
Smart-Indivo App Challenge WebinarSmart-Indivo App Challenge Webinar
Smart-Indivo App Challenge Webinar
health2dev
 
Secure Voting
Secure VotingSecure Voting
Secure Voting
Ben Adida
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit Voting
Ben Adida
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Ben Adida
 
Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X Overview
Ben Adida
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit Voting
Ben Adida
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and Voting
Ben Adida
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security Overview
Ben Adida
 

Viewers also liked (10)

Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable voting
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable Elections
 
Smart-Indivo App Challenge Webinar
Smart-Indivo App Challenge WebinarSmart-Indivo App Challenge Webinar
Smart-Indivo App Challenge Webinar
 
Secure Voting
Secure VotingSecure Voting
Secure Voting
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit Voting
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
 
Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X Overview
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit Voting
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and Voting
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security Overview
 

Similar to How to Build an Indivo X Personal Health App

CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
scotttomilson
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
Miguel García González
 
Authentication
AuthenticationAuthentication
Authentication
soon
 
OAuth 2.0 and Library
OAuth 2.0 and LibraryOAuth 2.0 and Library
OAuth 2.0 and Library
Kenji Otsuka
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
Gaurav Roy
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
Channa Ly
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
Nino Ho
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
Mobiliya
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native Apps
Jeff Fontas
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
FIWARE
 
O auth2.0 guide
O auth2.0 guideO auth2.0 guide
O auth2.0 guide
Dilip Mohapatra
 
Api security
Api security Api security
Api security
teodorcotruta
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
Álvaro Alonso González
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017
Dejan Glozic
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
axykim00
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
Victor Rentea
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your Application
Fernando Lopez Aguilar
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
Sang Shin
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Aaron Parecki
 

Similar to How to Build an Indivo X Personal Health App (20)

CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
 
Authentication
AuthenticationAuthentication
Authentication
 
OAuth 2.0 and Library
OAuth 2.0 and LibraryOAuth 2.0 and Library
OAuth 2.0 and Library
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native Apps
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
O auth2.0 guide
O auth2.0 guideO auth2.0 guide
O auth2.0 guide
 
Api security
Api security Api security
Api security
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your Application
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
 

Recently uploaded

Ketone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistryKetone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistry
Dhayanithi C
 
Pharmacology of 5-hydroxytryptamine and Antagonist
Pharmacology of 5-hydroxytryptamine and AntagonistPharmacology of 5-hydroxytryptamine and Antagonist
Pharmacology of 5-hydroxytryptamine and Antagonist
Dr. Nikhilkumar Sakle
 
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdfCHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
rishi2789
 
How to choose the best dermatologists in Indore.
How to choose the best dermatologists in Indore.How to choose the best dermatologists in Indore.
How to choose the best dermatologists in Indore.
Gokuldas Hospital
 
Histololgy of Female Reproductive System.pptx
Histololgy of Female Reproductive System.pptxHistololgy of Female Reproductive System.pptx
Histololgy of Female Reproductive System.pptx
AyeshaZaid1
 
Top Travel Vaccinations in Manchester
Top Travel Vaccinations in ManchesterTop Travel Vaccinations in Manchester
Top Travel Vaccinations in Manchester
NX Healthcare
 
Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...
Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...
Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...
FFragrant
 
pathology MCQS introduction to pathology general pathology
pathology MCQS introduction to pathology general pathologypathology MCQS introduction to pathology general pathology
pathology MCQS introduction to pathology general pathology
ZayedKhan38
 
Tests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptxTests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptx
taiba qazi
 
Adhd Medication Shortage Uk - trinexpharmacy.com
Adhd Medication Shortage Uk - trinexpharmacy.comAdhd Medication Shortage Uk - trinexpharmacy.com
Adhd Medication Shortage Uk - trinexpharmacy.com
reignlana06
 
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptxVestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Dr. Rabia Inam Gandapore
 
Clinic ^%[+27633867063*Abortion Pills For Sale In Tembisa Central
Clinic ^%[+27633867063*Abortion Pills For Sale In Tembisa CentralClinic ^%[+27633867063*Abortion Pills For Sale In Tembisa Central
Clinic ^%[+27633867063*Abortion Pills For Sale In Tembisa Central
19various
 
CBL Seminar 2024_Preliminary Program.pdf
CBL Seminar 2024_Preliminary Program.pdfCBL Seminar 2024_Preliminary Program.pdf
CBL Seminar 2024_Preliminary Program.pdf
suvadeepdas911
 
Does Over-Masturbation Contribute to Chronic Prostatitis.pptx
Does Over-Masturbation Contribute to Chronic Prostatitis.pptxDoes Over-Masturbation Contribute to Chronic Prostatitis.pptx
Does Over-Masturbation Contribute to Chronic Prostatitis.pptx
walterHu5
 
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptxEar and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Dr. Rabia Inam Gandapore
 
DECLARATION OF HELSINKI - History and principles
DECLARATION OF HELSINKI - History and principlesDECLARATION OF HELSINKI - History and principles
DECLARATION OF HELSINKI - History and principles
anaghabharat01
 
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
rishi2789
 
8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx
8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx
8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx
Holistified Wellness
 
The Nervous and Chemical Regulation of Respiration
The Nervous and Chemical Regulation of RespirationThe Nervous and Chemical Regulation of Respiration
The Nervous and Chemical Regulation of Respiration
MedicoseAcademics
 
Artificial Intelligence Symposium (THAIS)
Artificial Intelligence Symposium (THAIS)Artificial Intelligence Symposium (THAIS)
Artificial Intelligence Symposium (THAIS)
Josep Vidal-Alaball
 

Recently uploaded (20)

Ketone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistryKetone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistry
 
Pharmacology of 5-hydroxytryptamine and Antagonist
Pharmacology of 5-hydroxytryptamine and AntagonistPharmacology of 5-hydroxytryptamine and Antagonist
Pharmacology of 5-hydroxytryptamine and Antagonist
 
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdfCHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
 
How to choose the best dermatologists in Indore.
How to choose the best dermatologists in Indore.How to choose the best dermatologists in Indore.
How to choose the best dermatologists in Indore.
 
Histololgy of Female Reproductive System.pptx
Histololgy of Female Reproductive System.pptxHistololgy of Female Reproductive System.pptx
Histololgy of Female Reproductive System.pptx
 
Top Travel Vaccinations in Manchester
Top Travel Vaccinations in ManchesterTop Travel Vaccinations in Manchester
Top Travel Vaccinations in Manchester
 
Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...
Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...
Demystifying Fallopian Tube Blockage- Grading the Differences and Implication...
 
pathology MCQS introduction to pathology general pathology
pathology MCQS introduction to pathology general pathologypathology MCQS introduction to pathology general pathology
pathology MCQS introduction to pathology general pathology
 
Tests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptxTests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptx
 
Adhd Medication Shortage Uk - trinexpharmacy.com
Adhd Medication Shortage Uk - trinexpharmacy.comAdhd Medication Shortage Uk - trinexpharmacy.com
Adhd Medication Shortage Uk - trinexpharmacy.com
 
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptxVestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
 
Clinic ^%[+27633867063*Abortion Pills For Sale In Tembisa Central
Clinic ^%[+27633867063*Abortion Pills For Sale In Tembisa CentralClinic ^%[+27633867063*Abortion Pills For Sale In Tembisa Central
Clinic ^%[+27633867063*Abortion Pills For Sale In Tembisa Central
 
CBL Seminar 2024_Preliminary Program.pdf
CBL Seminar 2024_Preliminary Program.pdfCBL Seminar 2024_Preliminary Program.pdf
CBL Seminar 2024_Preliminary Program.pdf
 
Does Over-Masturbation Contribute to Chronic Prostatitis.pptx
Does Over-Masturbation Contribute to Chronic Prostatitis.pptxDoes Over-Masturbation Contribute to Chronic Prostatitis.pptx
Does Over-Masturbation Contribute to Chronic Prostatitis.pptx
 
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptxEar and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
 
DECLARATION OF HELSINKI - History and principles
DECLARATION OF HELSINKI - History and principlesDECLARATION OF HELSINKI - History and principles
DECLARATION OF HELSINKI - History and principles
 
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
 
8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx
8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx
8 Surprising Reasons To Meditate 40 Minutes A Day That Can Change Your Life.pptx
 
The Nervous and Chemical Regulation of Respiration
The Nervous and Chemical Regulation of RespirationThe Nervous and Chemical Regulation of Respiration
The Nervous and Chemical Regulation of Respiration
 
Artificial Intelligence Symposium (THAIS)
Artificial Intelligence Symposium (THAIS)Artificial Intelligence Symposium (THAIS)
Artificial Intelligence Symposium (THAIS)
 

How to Build an Indivo X Personal Health App

  • 1. How to build an Indivo X Personal Health App Ben Adida Indivo X Users Meeting 15 April 2010
  • 3. Four Steps 1. Scope and framing of your app 2. Authentication and Authorization 3. REST API calls 4. UI widgets
  • 4. Basic Terminology • Account • Record • PHA / User App • Admin App • (Chrome App)
  • 5. 1. Scope Screen Real-Estate controlled by PHA
  • 7. Anatomy of a PHA • name • start URL “Problems” http://problems/auth/start • description • post-auth URL “track your problems” http://problems/auth/after • principal email • consumer key problems@apps.indivo.org 838xdnwk-sdf-werkj34 • data use agreement: • consumer secret what the app intends to do 23lnbls-235lnsdf-2343 with the data it reads from the record.
  • 9. Components Access Token Indivo Server PHA User's Browser
  • 10. OAuth Protocol consumer_token consumer_secret Indivo Server signed PHA (Data Service) HTTP+POX (Consumer) authentication HMAC-SHA1 RSA-SHA1 .... User's Browser
  • 11. With the first click...
  • 12. begin the auth process IFRAME directed to the PHA’s start URL with parameter record_id
  • 13. User's Indivo PHA Browser Server add GET request_token Connection Step (1) token REDIRECT authorize
  • 15. User's Indivo PHA Browser Server REDIRECT authorize Authorization Process Connection Step (2) post-add
  • 16. redirect to app IFRAME directed to the PHA’s post-auth URL which finishes the oAuth process
  • 17. User's Indivo PHA Browser Server post-add GET access_token Connection token Step (3)
  • 18. User's Indivo PHA Browser Server token GET data Interaction Phase data
  • 19. OAuth Request Authorization: OAuth realm="https://indivohealth.org/", oauth_consumer_key="0685bd9184jfhq22", oauth_signature_method="HMAC-SHA1", oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D", oauth_timestamp="137131200", oauth_nonce="4572616e48616d6d65724c61686176", oauth_version="1.0"
  • 20. The code must be awfully complicated ...
  • 21. def get_indivo_client(request, with_token=True): client = IndivoClient(CONSUMER_KEY, CONSUMER_SECRET, INDIVO_SERVER_LOCATION) if with_token: client.update_token(request.session['token']) return client
  • 22.
        def start_auth(request):
            client = get_indivo_client(request, with_token=False)

            # do we have a record_id?
            record_id = request.GET.get('record_id', None)

            # prepare request token parameters
            params = {'record_id': record_id}

            # request a request token
            request_token = parse_token_from_response(
                client.post_request_token(data=params))

            # store the request token in the session
            request.session['token'] = request_token

            # redirect to the UI server
            return HttpResponseRedirect(
                settings.INDIVO_UI_SERVER_BASE
                + '/oauth/authorize?oauth_token=%s' % request_token['oauth_token'])
  • 23.
        def after_auth(request):
            # get the token and verifier from the URL parameters
            oauth_verifier = request.GET['oauth_verifier']

            # retrieve request token stored in the session
            client = get_indivo_client(...)

            # exchange request token for access token
            access_token = parse_token_from_response(
                client.post_access_token(data={'oauth_verifier': oauth_verifier}))

            # store stuff in the session
            request.session['access_token'] = access_token

            # get record ID that came back with token
            request.session['record_id'] = access_token['xoauth_indivo_record_id']

            # go to list of problems
            return HttpResponseRedirect(reverse(problem_list))
  • 24. 3. REST API Calls
  • 25. get data, e.g. problem list
  • 26. web platform model Access Token Indivo Server PHA User's Browser
  • 27.
        def problem_list(request):
            client = get_indivo_client(request)
            record_id = request.session['record_id']

            # get record information
            record_xml = client.read_record(record_id=record_id)

            # get problem list from most recent to oldest
            problems_xml = client.read_problems(
                record_id=record_id,
                parameters={'order_by': '-date_onset'})
  • 28.
        def new_problem(request):
            # get the variables and create a problem XML
            params = ...
            problem_xml = render_raw('problem', params, type='xml')

            # add the problem
            client = get_indivo_client(request)
            client.post_document(record_id=request.session['record_id'],
                                 data=problem_xml)

            # add a notification
            client.record_notify(
                record_id=request.session['record_id'],
                data={'content': 'a new problem has been added to your problem list'})

            return HttpResponseRedirect(reverse(problem_list))
  • 29. Other API calls
        • get reports on labs, medications, allergies, immunizations, etc.
        • get basic record information
        • add documents, version them, etc.
        • store application-specific data not visible to other apps (bookkeeping)
  • 30. What about sharing?
        • Carenets: a space for sharing, including documents, apps, and people
        • An app can be started with a carenet_id instead of a record_id.
        • The same API calls are available with a carenet_id, but may see only a subset of the data.
  • 33. Auto-Complete
        def code_lookup(request):
            client = get_indivo_client(request)
            query = request.GET['query']

            # reformat this for the jQuery autocompleter
            codes = simplejson.loads(
                client.lookup_code(coding_system='umls-snomed',
                                   parameters={'q': query}))
            formatted_codes = {'query': query,
                               'suggestions': [c['full_value'] for c in codes],
                               'data': codes}

            return HttpResponse(simplejson.dumps(formatted_codes),
                                mimetype="text/plain")
  • 34. Auto-Complete
        <script src="jquery.js"></script>
        <script src="jquery-ui.js"></script>
        <script src="jquery.autocomplete.js"></script>
        <script>
          $('#problem_fullname').autocomplete({
            serviceUrl: 'codelookup',
            minChars: 2,
            onSelect: function(value, data) {
              $('#problem_code').val(data.code);
            }
          });
        </script>
  • 35. Sharing & Audit
        def one_problem(request, problem_id):
            ...
            surl_credentials = client.get_surl_credentials()
            ...
  • 36. Sharing & Audit
        <script src="{{SERVER_BASE}}/lib/widgets.js"></script>
        <script>
          Indivo.setup('{{INDIVO_UI_SERVER_BASE}}');
        </script>
        <script>
          Indivo.Auth.setToken("{{token}}", "{{secret}}");
          Indivo.Widget.DocumentAccess.add('{{record_id}}', '{{problem_id}}');
        </script>
  • 38. Background Apps
        - most apps don’t need access beyond the user session
        - we tie the oAuth token to the web session ... unless the user authorizes more
  • 39. Summary
        - your app is activated for each record
        - do the oAuth dance, get an access token
        - write to the input of the data pipeline, read from the end of the data pipeline, all simple REST+oAuth calls
        - use built-in widgets to get advanced functionality