Hi all, it's me again, sharing what I have been studying recently.😓
Recently I have been studying how to set up OAuth2 authentication for the InterSystems FHIR repository, and I found the following articles very good and easy to follow.😁
SMART on FHIR EHR Launch with IRIS for Health
Building an FHIR Repository + OAuth2 Authorization Server/Resource Server Configuration on IRIS for Health Part 2
For me, as a user who does not have much knowledge about OAuth 2.0, it was quite difficult to understand how to set up the whole OAuth 2.0 environment before knowing what it looks like from a pure user point of view (what is it? what parameters do I need? what output should I expect?). 🤔 So here I reverse the sequence a little and talk about OAuth 2.0 from the client side first. The client we use is Postman.😁
If you want a test environment for OAuth, you can try one of the following Docker setups:
workshop-iris-oauth2, or the Docker image from the article Building an FHIR Repository + OAuth2 Authorization Server/Resource Server Configuration on IRIS for Health Part 1
In this article, I set up an InterSystems FHIR repository with HTTPS support on my local machine. (Based on my observation, correct me if I am wrong, for InterSystems OAuth to work the resource server should support HTTPS.😑😐)
So let's start from something simple. 😀
Case 1: Basic Authentication
The information we need: the URL of the FHIR resource we want, plus the username and password of an account that may read it.
Testing this in Postman is simple: under the Authorization tab choose Basic Auth, enter the username and password, and send the request.
In general, basic authentication is simple, because all you need is the URL of the resource you would like to get and the corresponding credential. One step, and you obtain the data you want.😁✌ The price is that the username and password travel in the Authorization header of every single request (base64-encoded, not encrypted), so this only makes sense over HTTPS.
Case 2: OAuth Authentication
The concept is a little different from basic authentication. From my understanding, the key difference is the idea of a session and a token. Before we really jump into OAuth 2.0, let's talk about something we are familiar with.
Consider the following scenario: you would like to visit an Art Museum for a special event, "The Miracle Moment". As this event is so popular, the Art Museum has decided to set up flow control: the opening time is divided into 8 sessions of 1 hour each, and visitors must book their own session at the Ticketing Centre before visiting. In other words, the visitor must present a valid ticket (token) at the correct time slot (session) to the Art Museum for the event "The Miracle Moment".
From the scenario above we can summarize: from an OAuth 2.0 client's point of view, in order to access the resources we want, we need to
Step 1: get a token from the Authorization Server (get a ticket from the Ticketing Centre)
Step 2: present the token to the Resource Server (present the ticket to the Art Museum)
To get the token, you need to tell the Authorization Server
1. Who you are? (One of the simplest ways is to provide a client_id and client_secret. There are other ways, but I want to keep it simple here😁)
2. Which Resource Server you want to access? (Which museum? Which venue?) You provide this as the audience.
3. What is the scope of your access? (Which programme? Which event?) You provide this as the scope, and the scope values must be agreed between the Authorization Server and the Resource Server.
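To make the two steps concrete, here is an added example of what a client such as Postman actually puts on the wire. It is not code from the original post or from InterSystems; it uses only the Python standard library and a constructed sample token response, so it runs offline. All URLs, the client_id/client_secret, the audience and the scope are placeholder assumptions, and the client_credentials grant is an assumption too, since the post does not say which grant Postman was configured with.

```python
# Added example (not from the original post or from InterSystems): the two
# OAuth 2.0 client steps above as HTTP requests. Endpoint URLs, credentials,
# audience and scope are constructed placeholders; the client_credentials
# grant is an assumption (the post does not say which grant Postman used).
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed placeholder configuration: not real servers or credentials.
TOKEN_URL = "https://localhost:9443/oauth2/token"
RESOURCE_URL = "https://localhost:9443/fhir/r4/Patient"
CLIENT_ID = "postman-client"
CLIENT_SECRET = "postman-secret"
AUDIENCE = "https://localhost:9443/fhir/r4"  # which venue (the resource server)
SCOPE = "user/Patient.read"                   # which event (what we may do there)


def basic_auth_header(username: str, password: str) -> str:
    """Case 1 in one line: 'Basic ' + base64(username:password).
    This is encoding, not encryption, and it is resent on every request,
    so it must only ever travel over HTTPS."""
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def build_token_request() -> urllib.request.Request:
    """Step 1: ask the authorization server for a ticket.
    Who we are: client_id/client_secret as an HTTP Basic header (the
    client_secret_basic method of RFC 6749 section 2.3.1).
    Which venue: audience. Which event: scope. 'audience' is not a core
    RFC 6749 parameter; whether the server honours it is server-specific."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",  # assumption, see lead-in
        "scope": SCOPE,
        "audience": AUDIENCE,
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=form, method="POST")
    req.add_header("Authorization", basic_auth_header(CLIENT_ID, CLIENT_SECRET))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def form_fields(req: urllib.request.Request) -> dict:
    """Decode the form body of a token request, for inspection."""
    return dict(urllib.parse.parse_qsl(req.data.decode()))


def parse_token_response(body: bytes, now: float) -> dict:
    """Turn the JSON token response into the ticket plus an absolute expiry.
    A token that 'expires within an hour' arrives as expires_in=3600."""
    data = json.loads(body)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError(f"unexpected token_type {data.get('token_type')!r}")
    return {
        "access_token": data["access_token"],
        "expires_at": now + int(data["expires_in"]),
        "scope": data.get("scope"),
    }


def token_is_fresh(token: dict, now: float, leeway: int = 30) -> bool:
    """A ticket for a session that is about to close is useless: refresh a
    little before expiry rather than discovering a 401 mid-flow."""
    return now + leeway < token["expires_at"]


def build_resource_request(url: str, token: dict) -> urllib.request.Request:
    """Step 2: present the ticket. Only the bearer token is sent (RFC 6750);
    the client_secret never goes to the resource server."""
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", "Bearer " + token["access_token"])
    req.add_header("Accept", "application/fhir+json")
    return req


def fetch_patients_with_oauth(opener=urllib.request.urlopen, now=None) -> bytes:
    """The whole client flow. `opener` is injectable so the flow can be run
    against a fake server; by default it talks to TOKEN_URL and RESOURCE_URL."""
    now = time.time() if now is None else now
    with opener(build_token_request()) as resp:
        token = parse_token_response(resp.read(), now)
    if not token_is_fresh(token, now):
        raise RuntimeError("authorization server returned an already-expired token")
    with opener(build_resource_request(RESOURCE_URL, token)) as resp:
        return resp.read()


# Constructed sample of what a token endpoint answers (not a real token).
SAMPLE_TOKEN_RESPONSE = (
    b'{"access_token":"sample-access-token","token_type":"Bearer",'
    b'"expires_in":3600,"scope":"user/Patient.read"}'
)

if __name__ == "__main__":
    req = build_token_request()
    print("POST", req.full_url, form_fields(req))
    print("Authorization:", req.get_header("Authorization"))
    token = parse_token_response(SAMPLE_TOKEN_RESPONSE, now=0)
    print("Authorization:", build_resource_request(RESOURCE_URL, token).get_header("Authorization"))
```

Running it with python3 prints the two requests. The part Postman hides is that client_id:client_secret goes, as an HTTP Basic header, to the token endpoint only, while the resource server sees nothing but the bearer token; and because the token response carries a relative expires_in rather than an absolute time, the client has to compute its own expiry, which is what the one-hour countdown mentioned below corresponds to.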
So... now it's time to be a client.
In Postman's Authorization tab choose Type: OAuth 2.0, fill in the endpoint URLs of the Authorization Server, the Client ID and Client Secret, the Scope and the Audience from the list above, then click Get New Access Token.
After the authentication completes, click Use Token.
Yeah!! Now we have a valid token here,😁😂 and it will expire within an hour. 😶🤐
Now use the token to get the resource we want: Postman puts it in the Authorization header as a bearer token.
Now try to get the Patient resource.
Yeah!! Looks good.😁
Thank you for reading.