Dear OpenHIE Community,
I hope this message finds you well. We are in the process of developing a tool designed to assess whether a specific system, utilizing FHIR protocols, complies with OpenHIE specifications. However, we encounter a challenge as FHIR does not offer dedicated APIs for the login process. This raises the question of how to effectively implement authentication and authorization for such systems.
The realm of logins presents a variety of methods, including Provider OAuth2 Login (such as Google or Facebook), username/password login, and the use of certificates for authentication. Additionally, the login URL may vary depending on the specific system in question.
Similarly, the landscape of authorization mechanisms is extensive, encompassing API Key, Bearer Token, Basic Token, Digest Token, OAuth 1.0, OAuth 2.0, Hawk Authentication, AWS Signature, NTML Authentication, and Akamai EdgeGrid.
If you could share insights or examples of authentication methods commonly found in OpenHIE based applications, it would greatly assist us in addressing this challenge and ensuring the effectiveness of our testing tool.
Thank you for your time and support.