Register a public client application in Azure Active Directory for Azure API for FHIR
In this article, you'll learn how to register a public application in Azure Active Directory (Azure AD).
The quickstart provides general information about how to register an application with the Microsoft identity platform.
App registrations in Azure portal
In the Azure portal, on the left navigation panel, select Azure Active Directory.
In the Azure Active Directory blade, select App registrations:
Select New registration.
Application registration overview
Give the application a display name.
Provide a reply URL. The reply URL is where authentication codes will be returned to the client application. You can add more reply URLs and edit existing ones later.
In the Azure portal, in App registrations, select your app, and then select Authentication.
Select Advanced settings > Default client type. For Treat application as a public client, select Yes.
For a single-page application, select Access tokens and ID tokens to enable implicit flow.
- If your application signs in users, select ID tokens.
- If your application also needs to call a protected web API, select Access tokens.
Permissions for Azure API for FHIR are managed through RBAC. For more details, visit Configure Azure RBAC for FHIR.
Use grant_type of client_credentials when trying to otain an access token for Azure API for FHIR using tools such as Postman. For more details, visit Testing the FHIR API on Azure API for FHIR.
Validate FHIR server authority
If the application you registered in this article and your FHIR server are in the same Azure AD tenant, you're good to proceed to the next steps.
If you configure your client application in a different Azure AD tenant from your FHIR server, you'll need to update the Authority. In Azure API for FHIR, you do set the Authority under Settings --> Authentication. Set your Authority to ``https://login.microsoftonline.com/<TENANT-ID>`.
In this article, you've learned how to register a public client application in Azure AD. Next, test access to your FHIR Server using Postman.
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.