Determines risk associated with an individual entering the workplace or other location
- Caching will be delegated to dhp-cache-lib (decided on 2020/08/04)
- Logging will be delegated to dhp-logging-lib (decided on 2020/08/04)
- HTTP calls will be delegated to dhp-http-lib (decided on 2020/08/04)
- jose will be used for JWS verification (decided on 2020/08/04)
- json-rules-engine will be used for business rule processing (decided on 2020/08/04)
- json-path will be used for selecting input data for fact generation (decided on 2020/08/04)
- node-eval will be used for expression evaluation during fact generation (decided on 2020/08/24)
Wellness Score uses AppID for user authentication and authorization. Each user must be registered to the relevant AppID instance.
The following scopes should be configured in AppID:
- wellnessscore.read
- wellnessscore.write
- calculate_wellness
Each AppID user will need:
- A role or roles encompassing any of the desired scopes listed above
- A custom attribute called
tenant_id, which will be used to link all users, input schemas, and rule configurations created for an individual instance of Wellness Score
Following are the Default roles created in AppID instance:
- wellness-admin
- with scopes: wellnesscore.read, wellnessscore.write, calculate_wellness
- wellness-reader
- with scopes: wellnesscore.read, calculate_wellness
Configure the AppID instance to include the tenant_id value in its access tokens using the following curl command:
curl --location --request PUT 'https://us-south.appid.cloud.ibm.com/management/v4/<App ID Tenant ID>/config/tokens' \
--header 'Authorization: Bearer <IAM token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"access": {
"expires_in": <expiry time in seconds>
},
"refresh": {
"enabled": false
},
"anonymousAccess": {
"enabled": false
},
"accessTokenClaims": [
{
"source": "attributes",
"sourceClaim": "tenant_id",
"destinationClaim": "tenant_id"
}
]
}'
Once the token configuration is set, use the security-api's /security/token API (configured with the same instance of AppID) to generate an access token for a particular user.
| Name | Required | Description |
|---|---|---|
| APP_ID_OAUTH_SERVER_URL | yes | AppID oauth url used to generate access tokens |
| OAUTH_SERVICE_CLIENT_ID | yes | App ID service client ID |
| OAUTH_SERVICE_CLIENT_SECRET | yes | App ID service client secret |
| OAUTH_TOKEN_VERIFICATION_URL | yes | https://us-south.appid.cloud.ibm.com/oauth/v4/< App ID Tenant ID >/introspect |
| OAUTH_APP_CLIENT_ID | for integration tests | App ID application client ID |
| CLOUDANT_URL | yes | Cloudant instance host (prepend 'https://' to the value listed in Service credentials) |
| CLOUDANT_API_KEY | yes | Cloudant instance apikey |
| CLOUDANT_DATABASE | yes | database in Cloudant instance |
| SECURITY_API | for integration tests | Security API URL |
The wellness-score-api uses libraries that are maintained in private git repositories in the HealthPass organization:
If you are a developer who would like to run the wellness-score-api on your local machine, first ensure that you have a personal ssh key added to your Github account. If you have write access to the above healthpass library repositories, you should then be able to successfully run npm install.
- API will retrieve the rule configuration specified by
$.rule_configuration_idin the request, validating that the client is authorized to use the requested configuration - API will get the input schema referenced by the rule configuration in Step 1
- API will validate the contents of
$.inputfrom the request against the input schema in Step 2 - API will generate facts from the input using the fact specifications in
ruleConfiguration.facts, performing any pre-processing required perruleConfiguration.pre_processing - API will initialize a rule engine, adding the rules defined in
ruleConfiguration.rules, and setting the facts from Step 4 - API will run the engine and return the output, per the specification
- API will retrieve the tenant information associated with the client's token
- API will validate that the client is entitled to view the requested rule configuration
- API will return the rule configuration, per the specification
The following APIs are not yet implemented:
- addSchema
- getSchema
- getSchemas
- replaceSchema
- deleteSchema
- addRuleConfiguration
- getRuleConfiguration
- getRuleConfigurations
- replaceRuleConfiguration
- deleteRuleConfiguration
- validateRuleConfiguration
In the meantime, to successfully calculate a wellness score, manually add an input schema document, a rule configuration document, and a tenant document to the specified Cloudant DB.
Example JSON for each of the above can be found in the testdata directory.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent