Register a confidential client application in Azure Active Directory for Azure API for FHIR
In this tutorial, you'll learn how to register a confidential client application in Azure Active Directory (Azure AD).
A client application registration is an Azure AD representation of an application that can be used to authenticate on behalf of a user and request access to resource applications. A confidential client application is an application that can be trusted to hold a secret and present that secret when requesting access tokens. Examples of confidential applications are server-side applications.
To register a new confidential client application, refer to the steps below.
Register a new application
In the Azure portal, select Azure Active Directory.
Select App registrations.
Select New registration.
Give the application a user-facing display name.
For Supported account types, select who can use the application or access the API.
(Optional) Provide a Redirect URI. These details can be changed later, but if you know the reply URL of your application, enter it now.
Permissions for Azure API for FHIR are managed through RBAC. For more details, visit Configure Azure RBAC for FHIR.
Use a grant_type of client_credentials when obtaining an access token for Azure API for FHIR with tools such as Postman. For more details, visit Testing the FHIR API on Azure API for FHIR.
Select Certificates & secrets, and then select New client secret.
Enter a Description for the client secret. Select the Expires drop-down menu to choose an expiration time frame, and then click Add.
After the client secret string is created, copy its Value and ID, and store them in a secure location of your choice.
The client secret string is visible only once in the Azure portal. When you navigate away from the Certificates & secrets web page and then return to it, the Value string is masked. Make a copy of your client secret string immediately after it is generated. If you don't have a backup copy of your client secret, you must repeat the above steps to regenerate it.
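The client_credentials request mentioned above, once the client secret exists, can be built as in the following added example (not code from the original tutorial). It assumes the Azure AD v1 token endpoint of the public cloud with the `resource` parameter set to the FHIR service URL; the environment variable names and the function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"  # assumption: Azure AD public cloud


def build_token_request(tenant_id, client_id, client_secret, fhir_url):
    """Return (url, form_body) for a client_credentials token request."""
    if not all([tenant_id, client_id, client_secret, fhir_url]):
        raise ValueError("tenant, client ID, client secret and FHIR URL are required")
    url = f"{AUTHORITY}/{urllib.parse.quote(tenant_id, safe='')}/oauth2/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": fhir_url.rstrip("/"),  # the FHIR service is the token audience
    }
    # urlencode escapes characters such as '+' and '&' that secrets may contain.
    return url, urllib.parse.urlencode(form).encode("ascii")


def redact(form_body):
    """Return a copy of the form body that is safe to log (secret masked)."""
    pairs = urllib.parse.parse_qsl(form_body.decode("ascii"))
    masked = [(k, "REDACTED" if k == "client_secret" else v) for k, v in pairs]
    return urllib.parse.urlencode(masked)


def fetch_token(url, form_body, timeout=10):
    """POST the request over TLS and return the access token string."""
    req = urllib.request.Request(url, data=form_body, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # The secret is read from the environment, never stored in source code.
    url, body = build_token_request(
        os.environ["AZURE_TENANT_ID"],
        os.environ["AZURE_CLIENT_ID"],
        os.environ["AZURE_CLIENT_SECRET"],
        os.environ["FHIR_URL"],  # hypothetical variable holding your FHIR service URL
    )
    print("POST", url, redact(body))
    token = fetch_token(url, body)
    print("token acquired, length", len(token))  # do not print the token itself
```
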
In this article, you were guided through the steps of how to register a confidential client application in Azure AD. You were also guided through the steps of how to add API permissions in Azure AD for Azure API for FHIR. Lastly, you were shown how to create an application secret. Furthermore, you can learn how to access your FHIR server using Postman.
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.