Add new example for Smartbox (#6)

* Add new example

* Deleted depending on .env

* Finally deleted .env from docker-compose.yaml

Author: veto-vlad

README.md

@@ -16,6 +16,7 @@ A collection of examples on top of Aidbox FHIR platform
 - [Aidbox Notify via Custom Resources](aidbox-notify-via-custom-resources/)
 - [Topic-Based Subscription to Kafka](aidbox-subscriptions-to-kafka/)
 - [SMART App Launch with Aidbox and Keycloak](smart-app-launch/)
+- [SMART App Launch with Smartbox and Keycloak](smart-app-launch-smartbox/)
 - [IPS $summary implementation](ips-ig/)
 - [IPS Chile $summary implementation](ips-ig-cl/)
 - [IPS $summary implementation with FHIR Topic-Based Subscriptions](ips-subscriptions/)

smart-app-launch-smartbox/Dockerfile.growthchart

@@ -0,0 +1,11 @@
+FROM docker.io/library/node:22
+
+RUN git clone https://github.com/smart-on-fhir/growth-chart-app.git /app
+
+WORKDIR /app
+
+RUN npm install
+
+EXPOSE 9000
+
+CMD ["npm", "run", "start"]

smart-app-launch-smartbox/README.md

@@ -0,0 +1,142 @@
+# Example: SMART App Launch using Smartbox and Keycloak
+
+This example showcases the Smart App EHR and Patient [launch flows](https://hl7.org/fhir/smart-app-launch/app-launch.html).
+
+## Components
+
+1. Smartbox FHIR server with SMART-on-FHIR support.
+2. [Keycloak](https://www.keycloak.org/)\
+   Identity and Access Management solution that integrates with Aidbox through the [IdentityProvider](https://docs.aidbox.app/modules/security-and-access-control/set-up-external-identity-provider) resource.
+3. [Growth Chart Smart App](https://github.com/smart-on-fhir/growth-chart-app)\
+   A SMART pediatric web application that displays patient growth charts based on their observations.
+4. **Demo Launcher Page**\
+   A web page that emulates EHR patient context selection.
+
+## Prerequisites
+
+* [Docker](https://www.docker.com/)
+* Cloned repository: [Github: Aidbox/examples](https://github.com/Aidbox/examples/tree/main)
+* Working directory: `smart-app-launch-smartbox`
+
+To clone the repository and navigate to the `smart-app-launch-smartbox` directory, run:
+
+```sh
+git clone [email protected]:Aidbox/examples.git && cd examples/smart-app-launch-smartbox
+```
+
+Edit a `docker-compose.yaml` file and paste there your license keys.
+
+```yaml
+# docker-compose.yaml
+...
+services:
+  portal:
+    environment:
+      AIDBOX_LICENSE: <YOUR_PORTAL_LICENSE>
+...
+  sandbox:
+    environment:
+      AIDBOX_LICENSE: <YOUR_SANDBOX_LICENSE>
+```
+
+## Step 1: Run Demo Components
+
+Start all the demo components by running:
+
+```sh
+docker compose up
+```
+
+Wait until all components are pulled and started. The components are accessible at:
+
+* Aidbox - [http://localhost:8888](http://localhost:8888)
+* Keycloak - [http://localhost:7777](http://localhost:7777)
+* Growth Chart - [http://localhost:9000](http://localhost:9000)
+* Demo Launcher Page - [http://localhost:7070/launcher.html](http://localhost:7070/launcher.html)
+
+## Step 2: Open launcher Page
+
+Open the [Demo Launcher Page](http://localhost:7070/launcher.html).
+
+* **Left Side:** A list of patients retrieved from Aidbox, simulating EHR patient context selection.
+* **Right Side:** A Patient Standalone Launch with a pre-selected patient context, simulating a launch directly from the SMART App.
+
+## Step 3: Perform EHR Launch
+
+**3.1** Select a patient from the list on the left side and click the `Launch Growth Chart App` button to start the launch process.\
+**3.2** On the Aidbox login screen, click the `Sign in with Keycloak` button.\
+**3.3** Log in to Keycloak with username `patient` and password `password`\
+**3.4** On the consent screen, allow all requested scopes.\
+**3.5** View the patient's data in the Growth Chart app.
+
+## Step 4: Perform Patient Standalone Launch
+
+**4.1** Go back to the [Demo Launcher](http://localhost:7070/launcher.html)\
+**4.2** On the right side of the screen, click the **Launch Growth Chart App** button under Patient Standalone Launch.\
+**4.2** On the consent screen, allow all requested scopes.\
+**4.3** View the patient's data in the Growth Chart app.
+
+## EHR Launch Interaction Diagram
+
+```mermaid
+sequenceDiagram
+    actor Customer as User
+    participant EHR as EHR <br> (Demo Launcher)
+    participant Aidbox as Aidbox 
+    participant Keycloak as Keycloak 
+    participant Smart App as Growth Chart <br> (SMART App)
+    Note right of EHR: Communicates with Aidbox <br> using HTTP basic auth
+    Customer ->> EHR: Launch Smart App
+    activate EHR
+    EHR ->> Smart App: Launch context
+    deactivate EHR
+    activate Smart App
+    Smart App ->> Aidbox: Redirect to /auth/login?response_type=code&client_id....
+    deactivate Smart App
+    activate Aidbox
+    Aidbox ->> Keycloak: Redirect to Keycloak Login page 
+    deactivate Aidbox
+    activate Keycloak 
+    Note right of Keycloak: Login with Keycloak credentials
+    Keycloak ->> Aidbox: Response with code
+    deactivate Keycloak
+    activate Aidbox
+    Aidbox ->> Keycloak: Request to exchange code to token
+    deactivate Aidbox 
+    activate Keycloak 
+    Keycloak ->> Aidbox: Return token 
+    deactivate Keycloak
+    activate Aidbox
+    Aidbox ->> Keycloak: Request user info
+    deactivate Aidbox 
+    activate Keycloak
+    Keycloak ->> Aidbox: Return user info 
+    deactivate Keycloak
+    activate Aidbox
+    Aidbox ->> Aidbox: Create User resource in Aidbox  
+    Aidbox ->> Customer: Show the Grant screen 
+    deactivate Aidbox 
+    activate Customer
+    Customer ->> Aidbox: Allow requested scopes  
+    deactivate Customer
+    activate Aidbox
+    Aidbox ->> Aidbox: Check granted permissions
+    Aidbox ->> Smart App: Redirect with code
+    deactivate Aidbox 
+    activate Smart App
+    Smart App ->> Aidbox: Request /auth/token <br> to exchange code to token
+    deactivate Smart App
+    activate Aidbox
+    Aidbox ->> Smart App: Return token
+    deactivate Aidbox 
+    activate Smart App
+    Smart App ->> Aidbox: Request /Observation and /Patient/<pt-id> with token
+    deactivate Smart App
+    activate Aidbox
+    Aidbox ->> Aidbox: Validate scopes from token
+    Aidbox ->> Smart App: Return Observations and Patient
+    deactivate Aidbox 
+    activate Smart App
+    Smart App ->> Customer: Show patient's data
+    deactivate Smart App
+```

smart-app-launch-smartbox/aidbox.json

@@ -0,0 +1,110 @@
+{
+  "type": "batch",
+  "entry": [
+    {
+      "request": {
+        "method": "PUT",
+        "url": "/Client/growth_chart"
+      },
+      "resource": {
+        "resourceType": "Client",
+        "id": "growth_chart",
+        "auth": {
+          "authorization_code": {
+            "redirect_uri": "http://localhost:9000/",
+            "refresh_token": true,
+            "token_format": "jwt",
+            "access_token_expiration": 3600000
+          }
+        },
+        "smart": {
+          "launch_uri": "http://localhost:9000/launch.html"
+        },
+        "type": "smart-app",
+        "secret": "quOfCRS7ty1RMUQq",
+        "grant_types": [
+          "authorization_code"
+        ]
+      }
+    },
+    {
+      "request": {
+        "method": "PUT",
+        "url": "/Client/ehr"
+      },
+      "resource": {
+        "id": "ehr",
+        "secret": "verysecret",
+        "grant_types": [
+          "basic"
+        ],
+        "resourceType": "Client"
+      }
+    },
+    {
+      "request": {
+        "method": "PUT",
+        "url": "/AccessPolicy/demo-clients-allow"
+      },
+      "resource": {
+        "id": "demo-clients-allow",
+        "link": [
+          {
+            "id": "ehr",
+            "resourceType": "Client"
+          },
+          {
+            "id": "growth_chart",
+            "resourceType": "Client"
+          }
+        ],
+        "engine": "allow",
+        "resourceType": "AccessPolicy"
+      }
+    },
+    {
+      "request": {
+        "method": "PUT",
+        "url": "/IdentityProvider/keycloak"
+      },
+      "resource": {
+        "resourceType": "IdentityProvider",
+        "scopes": [
+          "profile",
+          "openid"
+        ],
+        "system": "keycloak",
+        "userinfo_endpoint": "http://localhost:7777/realms/patients/protocol/openid-connect/userinfo",
+        "authorize_endpoint": "http://localhost:7777/realms/patients/protocol/openid-connect/auth",
+        "client": {
+          "id": "aidbox",
+          "secret": "HOuPXmduHfTjhtW0eqAeMsHZJbRNVc8x"
+        },
+        "title": "Keycloak",
+        "active": true,
+        "id": "keycloak",
+        "token_endpoint": "http://keycloak:7777/realms/patients/protocol/openid-connect/token",
+        "userinfo-source": "id-token"
+      }
+    },
+
+    {
+      "request": {
+        "method": "POST",
+        "url": "/Patient/$load"
+      },
+      "resource": {
+        "source": "https://storage.googleapis.com/aidbox-public/synthea/v2/100/fhir/Patient.ndjson.gz"
+      }
+    },
+    {
+      "request": {
+        "method": "POST",
+        "url": "/Observation/$load"
+      },
+      "resource": {
+        "source": "https://storage.googleapis.com/aidbox-public/synthea/v2/100/fhir/Observation.ndjson.gz"
+      }
+    }
+  ]
+}

smart-app-launch-smartbox/docker-compose.yaml

@@ -0,0 +1,88 @@
+
+version: '3.7'
+
+volumes:
+  aidbox_pg_data: {}
+services:
+  aidbox-db:
+    image: healthsamurai/aidboxdb:14.5
+    volumes:
+    - aidbox_pg_data:/data:delegated
+    environment:
+      PGDATA: /data
+      POSTGRES_USER:     postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB:       postgres
+
+  portal:
+    image: healthsamurai/smartbox:2412
+    depends_on: ["aidbox-db"]
+    links:
+      - "aidbox-db:database"
+      - "sandbox:sandbox"
+    ports:
+      - "8888:8888"
+    volumes:
+    - ./aidbox.json:/tmp/aidbox.json
+    environment:
+      BOX_INIT_BUNDLE: file:///tmp/aidbox.json
+      PGHOST: "database"
+      PGDATABASE: "portal"
+      BOX_AUTH_LOGIN__REDIRECT: "/admin/portal"
+      BOX_PROJECT_ENTRYPOINT: "smartbox.portal/box"
+      AIDBOX_LICENSE: 
+      AIDBOX_BASE_URL: "http://localhost:8888"
+      BOX_SMARTBOX_SANDBOX__URL: "http://sandbox:8888"
+      BOX_SMARTBOX_SANDBOX__BASIC: "root:secret"
+      PGPORT: 5432
+      PGHOSTPORT: 5437
+      PGUSER: postgres
+      PGPASSWORD: postgres
+      AIDBOX_PORT: 8888
+
+
+  sandbox:
+    image: healthsamurai/smartbox:2412
+    depends_on: ["aidbox-db"]
+    links:
+      - "aidbox-db:database"
+    ports:
+      - "9999:8888"
+    environment:
+      PGHOST: "database"
+      PGDATABASE: "sandbox"
+      BOX_AUTH_LOGIN__REDIRECT: "/"
+      BOX_PROJECT_ENTRYPOINT: "smartbox.dev-portal/box"
+      AIDBOX_LICENSE: 
+      AIDBOX_BASE_URL: "http://localhost:9999"
+      PGPORT: 5432
+      PGHOSTPORT: 5437
+      PGUSER: postgres
+      PGPASSWORD: postgres
+      AIDBOX_PORT: 8888
+
+  growth_chart:
+    build: 
+      context: .
+      dockerfile: ./Dockerfile.growthchart
+    ports:
+    - 9000:9000
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:26.0.6
+    volumes:
+    - ./keycloak.json:/opt/keycloak/data/import/keycloak.json
+    ports:
+      - 7777:7777
+    environment:
+      KC_HTTP_PORT: 7777
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
+    command: start-dev --import-realm
+
+  launcher:
+    image: nginx:alpine
+    ports:
+      - "7070:80"
+    volumes:
+      - ./launcher.html:/usr/share/nginx/html/launcher.html:r

smart-app-launch-smartbox/growth-chart-app

@@ -0,0 +1 @@
+Subproject commit ca9fe72a412762b17d33a382650923bf85a262bf