From 435c91081428059720a033f2d8642d886ee3cabd Mon Sep 17 00:00:00 2001
From: stephalba <64214882+stephalba@users.noreply.github.com>
Date: Fri, 27 Oct 2023 14:42:37 +0200
Subject: [PATCH 1/2] Update README.md
---
README.md | 52 +++++++++++++++++++++++++++++-----------------------
1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index d3aa0e6..82d6a00 100644
--- a/README.md
+++ b/README.md
@@ -344,13 +344,9 @@ For the various actions of the E-prescription Switzerland service, there are dif
Revoke
|
- - Personal HIN eID with hardening 20
-
-- Team HIN eID
+ | Personal HIN eID with hardening 20
|
- - Auth-Service (based on SAML)
-
-- OAuth via HIN ACS
+ | Auth-Service (based on SAML)
|
HIN membership
|
@@ -394,7 +390,7 @@ For the various actions of the E-prescription Switzerland service, there are dif
-Note on the authentication with “Personal HIN eID with hardening 20”:
+Note on the authentication with “Personal HIN eID with hardening 20”:
This authentication is done via the HIN/ADSwiss Auth-Service, which ensures that the user was a correctly identified and recently authenticated. HIN Sign also uses the person code 10 to ensure that the person is a doctor.
**EPD authentication**
@@ -443,16 +439,26 @@ Please refer to the main documentation for the list of all available global flag
Please see chapter [Authentication and Authorisation](#32-authentication-and-authorisation).
-When indicated, the requests must be authenticated using the Authorization header as following (an environment is provided for testing that does not enforce authentication):
+When indicated, the requests must be authenticated as following (an environment is provided for testing that does not enforce authentication):
+
+HTTP Server Mode (OAuth via HIN ACS):
+```
+Authorization: Bearer acs:
+```
+
+HTTP Server Mode (Auth-Service):
+```
+Authorization: Bearer epdg:
+```
-HTTP Server Mode:
+CLI Mode (OAuth via HIN ACS):
```
-Authorization: Bearer
+--token
```
-CLI Mode:
+CLI Mode (Auth-Service):
```
---token
+--token --epdg
```
If the request is not authenticated a HTTP 401 Unauthorized or a HTTP 403 Forbidden response is returned.
@@ -493,7 +499,7 @@ When the e-prescription mode is enabled, the following new endpoints are enabled
- POST /ePrescription/cancel/<id>/<eventid>
+ | POST /ePrescription/cancel/<id>/event/<eventid>
|
Registers a cancelation of an event (revoke, dispense, cancel).
|
@@ -919,7 +925,7 @@ Create a valid-chmed16a1.json file containing a valid CHMED16A1 data set.
Here is the command to generate the signed e-prescription QR code:
```
-ENABLE_EPRESCRIPTION=true ./certifaction ePrescription --api https://oauth2.sign.hin.ch/api --token -o test-chmed16a1.pdf -f png test-ePrescription.png
+ENABLE_EPRESCRIPTION=true ./certifaction ePrescription --api https://oauth2.sign.hin.ch/api --token --epdg -o test-chmed16a1.pdf -f png test-ePrescription.png
```
**Server mode**
@@ -932,7 +938,7 @@ ENABLE_EPRESCRIPTION=true ./certifaction server --api https://oauth2.sign.hin.c
Then post the e-prescription data to the /ePrescription/create endpoint as following to get the signed e-prescription QR code as response:
```
-curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer " --data @valid-chmed16a1.json http://localhost:8082/ePrescription/create?type=qrcode > test-ePrescription.png
+curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer epdg:" --data @valid-chmed16a1.json http://localhost:8082/ePrescription/create?type=qrcode > test-ePrescription.png
```
A complete example commands incl. authentication can be found in [Appendix A](#a-e-prescription-authentication-and-use-case-commands).
@@ -969,17 +975,17 @@ ENABLE_EPRESCRIPTION=true certifaction server --api https://api.testnet.certifac
1. Get Login URL
```
- curl --request POST --url "https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth?targetUrl=http%3A%2F%2Flocalhost%2Fsuccess&style=redirect" --header "accept: application/json" --header "Authorization: Bearer "
+ curl --request POST --url "https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth?targetUrl=http%3A%2F%2Flocalhost%2Fsuccess&style=redirect" --header "accept: application/json" --header "Authorization: Bearer "
```
2. Resolve Code to Handle
```
- curl --request POST --url "https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth/auth_handle" -d "{\"authCode\":\"\"}" --header "accept: application/json" --header "Content-Type: application/json" --header "Authorization: Bearer "
+ curl --request POST --url "https://oauth2.ci-prep.adswiss.hin.ch/authService/EPDAuth/auth_handle" -d "{\"authCode\":\"\"}" --header "accept: application/json" --header "Content-Type: application/json" --header "Authorization: Bearer "
```
-3. Use handle as token in `Authorization: Bearer ` header for calls to CLI
+3. Use handle as token in `Authorization: Bearer epdg:` header for calls to CLI
#### ACS Authentication
@@ -1001,7 +1007,7 @@ ENABLE_EPRESCRIPTION=true certifaction server --api https://api.testnet.certifac
curl -H 'Content-Type: application/x-www-form-urlencoded' --data 'grant_type=authorization_code&redirect_uri=&code=&client_id=&client_secret=' https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken
```
-3. Use token in `Authorization: Bearer ` header for calls to CLI
+3. Use token in `Authorization: Bearer acs:` header for calls to CLI
#### Input Data
@@ -1018,7 +1024,7 @@ CHMED16A1H4sIAAAAAAAACr1WzW7bOBC+71MQvK6t8kd/9mnrdZINULdBkiZAFznQ9tgSJFMGRQVNs74
Option 1: Output as Data/URL
```
- $ curl -X POST -H "Content-Type: application/json" --data @testCHMED16A1.txt -H "authorization: Bearer " http://localhost:8082/ePrescription/create?output-format=data
+ $ curl -X POST -H "Content-Type: application/json" --data @testCHMED16A1.txt -H "authorization: Bearer epdg:" http://localhost:8082/ePrescription/create?output-format=data
HTTP/200 OK
{"SignedPrescriptionData":"https://eprescription.hin.ch/#CHMED16A1H4sIAA…lXGtoKAAA&i=Dr.+Test+Test+1&t=1642529665&s=70cd59558926868ca5dbf18e671eb44caffa6d0be491cf736ed39159ba25c4413177c83088a5f29bf7d5b6d78dc8daa4ab609d0a384dbc2834e00dbea4487db101"}
@@ -1026,7 +1032,7 @@ CHMED16A1H4sIAAAAAAAACr1WzW7bOBC+71MQvK6t8kd/9mnrdZINULdBkiZAFznQ9tgSJFMGRQVNs74
Option 2: Output as PNG QR Code
```
- $ curl -X POST -H "Content-Type: application/json" --data @testCHMED16A1.txt -H “authorization: Bearer <epd_token>” http://localhost:8082/ePrescription/create?output-format=qrcode > testQrCode.png
+ $ curl -X POST -H "Content-Type: application/json" --data @testCHMED16A1.txt -H “authorization: Bearer epdg:” http://localhost:8082/ePrescription/create?output-format=qrcode > testQrCode.png
HTTP/200 OK
```
@@ -1050,7 +1056,7 @@ CHMED16A1H4sIAAAAAAAACr1WzW7bOBC+71MQvK6t8kd/9mnrdZINULdBkiZAFznQ9tgSJFMGRQVNs74
3. Dispense e-prescription fully
```
- $ curl -X POST -H "Content-Type: application/json" -H "authorization: Bearer " http://localhost:8082/ePrescription/dispense/00000000-0000-0000-0000-000000000000
+ $ curl -X POST -H "Content-Type: application/json" -H "authorization: Bearer acs:" http://localhost:8082/ePrescription/dispense/00000000-0000-0000-0000-000000000000
HTTP/200 OK
```
@@ -1179,7 +1185,7 @@ Blister 30 Stk)
Pharmacy 2
|
- Verifies e-prescription and sees that one dispensation has already been made -> Dispenses medicament according to prescription
+ | Verifies e-prescription and sees that one dispensation has already been made -> Dispenses medicament according to e-prescription
|
|
From b1a216193dc245c7733ebbde7133ce6bdf7b612d Mon Sep 17 00:00:00 2001
From: stephalba <64214882+stephalba@users.noreply.github.com>
Date: Fri, 27 Oct 2023 15:21:10 +0200
Subject: [PATCH 2/2] Update README.md
---
README.md | 30 +-----------------------------
1 file changed, 1 insertion(+), 29 deletions(-)
diff --git a/README.md b/README.md
index 82d6a00..86e8ff2 100644
--- a/README.md
+++ b/README.md
@@ -424,16 +424,7 @@ The Certifaction CLI command generates e-prescriptions signatures for e-prescrip
#### 4.1.4. General usage
-The Certifaction CLI can be used either as a command line tool as follows, or as HTTP REST API in its server mode.
-
-```
-certifaction [certifaction flags] [arguments]
-```
-
-
-Use certifaction help <command> for more information about the command.
-
-Please refer to the main documentation for the list of all available global flags and about the [CLI HTTP server mode](https://github.com/certifaction/cli#http-server-mode).
+Please refer to [E-prescription endpoints](#42-e-prescription-endpoints) for the list of all available endpoints.
#### 4.1.5. Authentication
@@ -451,16 +442,6 @@ HTTP Server Mode (Auth-Service):
Authorization: Bearer epdg:
```
-CLI Mode (OAuth via HIN ACS):
-```
---token
-```
-
-CLI Mode (Auth-Service):
-```
---token --epdg
-```
-
If the request is not authenticated a HTTP 401 Unauthorized or a HTTP 403 Forbidden response is returned.
For the creation of e-prescription the elevated EPD-Level Authentication based on SAML artifacts is mandatory. Please refer to the [respective section](#32-authentication-and-authorisation) for further details.
@@ -469,8 +450,6 @@ For the creation of e-prescription the elevated EPD-Level Authentication based o
This section describes the additional endpoints available when the e-prescription mode is enabled.
-Please refer to the main documentation for more information about the [CLI HTTP server mode](https://github.com/certifaction/cli#http-server-mode).
-
When the e-prescription mode is enabled, the following new endpoints are enabled:
@@ -921,13 +900,6 @@ none
**Test data**
Create a valid-chmed16a1.json file containing a valid CHMED16A1 data set.
-**Command line**
-Here is the command to generate the signed e-prescription QR code:
-
-```
-ENABLE_EPRESCRIPTION=true ./certifaction ePrescription --api https://oauth2.sign.hin.ch/api --token --epdg -o test-chmed16a1.pdf -f png test-ePrescription.png
-```
-
**Server mode**
First start the server using the following command: