Authorize and token endpoints are not being returned in metadata call to secured endpoint.


Jacob reported this for the call to


Gopal Menon
October 5, 2020, 7:18 PM

It looks like it is caused by code that looks like the snippet that is attached, which is called during servlet init. When the request is for an open endpoint, the fhir rest servlet does not add the security related endpoints to the conformance. I can make it happen in my local environment if I start the service and send in a request with an open endpoint. The conformance statement then does not return the security endpoints for multiple calls (I’m guessing till the servlet is garbage collected). If I start the local service again and send in a request for a secure endpoint, the security endpoints are included in the conformance statement. And I keep getting the security endpoints for multiple calls. Asked in Logica channel if we need to add the security endpoints only to the conformance statement for the open endpoint metadata (the if in the code in the snippet)? I’m trying to figure out the intent for the code.

Gopal Menon
October 6, 2020, 10:39 PM

Talked with Travis and Jacob. Looked at code and verified that Hapi caches the conformance and returns the same conformance regardless of the sandbox (class ConformanceMethodBinding). We decided to fix it by calling a modified version of the hapi code so that there is no caching.

After the meeting, Jacob looked at Interopio and saw that it has the same problem too.

Gopal Menon
October 8, 2020, 3:56 PM

Made the fix and tested it using Postman. The metadata call does not get cached. Also tested in my local environment and it worked.

Pushed the fix to develop. It created a problem where if you click on a sandbox, it does not pull up the sandbox details and shows the list of sandboxes after it does some work.

Talked to Dimitar and he suggested that I would see the problem on my local environment if I throttle my connection. I was able to recreate the problem in the local environment after doing this. He says he can make a fix on the UI, but it will be difficult.

Gopal Menon
October 26, 2020, 5:10 PM

Dimitar has already pushed the UI fix to prod. Will push the backend fix to prod on 10/30.

Gopal Menon
October 27, 2020, 6:38 PM

I pushed the fix to prod today 10/27 as it was causing issues with getting into the sandbox.


Gopal Menon


Gopal Menon