Securing a custom FHIR Server with a Client App
Hello,
I have set up a custom FHIR server using this tutorial: fhir-server/DefaultDeployment.md at main · microsoft/fhir-server · GitHub. I intitially skipped the optional step 1 of creating an AAD Application to secure the FHIR server, but I would like to add this security now. I followed this tutorial: Web App Tutorial - Client Application Setup - Azure API for FHIR | Microsoft Learn and it added the appropriate security to my FHIR API - I must now login and get an access token before I can make calls to the FHIR API. However, it seems to have broken the _operations endpoints for the FHIR Server. When I make a call to the server to perform an export operation ($export), the operation executes and I can see the export file in my container, but a call to get the status of this file (at the URL returned in the Content-Location of the $export call), my API now returns a 501 error. Is there an additional step I am missing to incorporate the AAD Application security with the container for my FHIR server or is there a simpler way to incorporate the AAD Application security with the custom FHIR Server that includes support for the _operations?