Github source link would make for an easier debugging experience

The RestBinding security token will always be null, i.e., lines 88-92.

The code should be more below such that the security token will be set if the IAuthenticator is not null.

string securityToken = null;
if (authenticator != null)
{
string userAssertion = authenticator.RequiresOnBehalfOf ? context.Request.Headers.Authorization.Parameter.TrimStart("Bearer ".ToCharArray()) : null;
securityToken = await authenticator.AcquireTokenForClientAsync(options.Value.ServerUrl, options.Value.Scopes, null, null, userAssertion);
}

Describe the bug
When a request is provided which contains a charset within the Content-Type header — e.g. application/fhir+json; charset=utf-8 — an exception is thrown due to the following line:

Expected behavior
Requests are handled without issue.

Actual behavior
The following exception is thrown:

---> System.FormatException: The format of value 'application/fhir+json; charset=utf-8' is invalid.
  at System.Net.Http.Headers.MediaTypeHeaderValue.CheckMediaTypeFormat(String mediaType, String parameterName)
  at System.Net.Http.Headers.MediaTypeHeaderValue..ctor(String mediaType)
  at Microsoft.AzureHealth.DataServices.Pipelines.AzureFunctionExtensions.ConvertToHttpRequestMesssage(HttpRequestData req)
  at Microsoft.AzureHealth.DataServices.Pipelines.AzureFunctionPipeline.ExecuteAsync(HttpRequestData request)
  at Bupa.CC.Fhir.Consent.Function.FhirFunction.ConnectedCareFhirHandler(HttpRequestData req, String fhirRoute, FunctionContext executionContext) in /src/src/Bupa.CC.Fhir.Consent.Function/FhirFunction.cs:line 32
  --- End of inner exception stack trace ---

Environment summary
SDK Version: 1.0.1
OS Version: Linux
Compute Platform: Azure Function

Additional context
Judging by the code, I believe the same issue still exists within the 1.1.0 version of the library. Given that the version bump introduces breaking changes and will require additional efforts to utilise within our project, I believe hotfixes should be published for both current versions.

After deploying latest changes to Quickstart Function, Azure Function App becomes unstable. Portal UI is only able to detect deployed functions intermittently. Calling PatientPost function with sample Patient.json returns 502 Bad Gateway errors with trace logs reporting - [Error] Failed to start a new language worker for runtime: dotnet-isolated.

Is your feature request related to a problem? Please describe.
For using the Toolkit with Azure AD, we need the ability to modify the response headers. This is necessary for modifying the Azure AD flow and having clients redirect to the newly formed AAD URL with a Http redirect.

Describe the solution you'd like
It would be great if the OperationContext for the pipeline exposes a headers collection. This could be initialized as empty, binding could conditionally update this (by binding config), then output filters could modify the header collection.

Describe alternatives you've considered
Shim on top of the pipeline inside my program. Works but doesn't keep code segmented in the filter.

Is your feature request related to a problem? Please describe.
Currently, there is no way to stop the execution of the REST binding if an input filter signals a Failure or already has the status code set (e.g. for a redirect).

Describe the solution you'd like
Update to the rest binding to check if the pipeline has failed or if status code already set. This could be done like the filters where they have a "run type".

Describe the bug
When creating a custom operation for a single record (like Patient/), the RestBinding will throw a 500 if a client requests a record that does not exist.

To Reproduce

1. Create a web or function pipeline with a binding that points to a FHIR server (+ an authenticator)
2. Send a request to the FHIR server through the pipeline for a record that doesn't exist (like Patient/123).

Expected behavior
There should at least be an option to not fail on HTTP status codes between 202 and 499 but to pass this through. Especially for 300-400. I don't think "EnsureStatusSuccessful in the RestBinding is correct

Actual behavior

I am trying to follow the docs to setup the Quickstart project with VSCode. When I try to run the function app locally I am hit with this error. What am I doing wrong?

An error/nit in the comment in samples/FeatureSamples/ServiceBusChannel/Program.cs
the first line of the comment is "Adds Service Busas", which should be "Add Service Bus"
the second line of the comment is "too large for Storage Bus.", which should "too large for the Service Bus SKU."

   // Adds Service Busas the first input channel. Azure Storage is a backing store for events that are
    // too large for Storage Bus.
    services.AddInputChannel<ServiceBusChannelOptions>(typeof(ServiceBusChannel), options =>
    {

Tell us what business problem you are trying to solve
We are developing a WebApi that consumes a FHIR service, running the application using 'DefaultAzureCredential()' with a user logged in through Azure CLI works fine.

builder.Services.AddBinding<RestBinding, RestBindingOptions>(options =>
{
  options.BaseAddress = new Uri(configuration.GetValue<string>("FhirServerUrl"));
  options.Credential = new DefaultAzureCredential();
});

Next step is protecting the WebApi controllers using [Authorize] attribute, we receive the bearer token in the API that grants the access to it and the operations the user can perform. The scenario is like that:

User -> Api -> FHIR Server

How do we manage the credentials to call FHIR server in the name of the user?

I guess the API should request for a new token in the name of the user, and somehow use it in the WebPipeline.

Describe what behavior a customization to Azure Health Data Services would solve this problem*
Would be nice to have a sample of this situation, I think it is pretty common.

Does this issue belong as a feature to Azure Health Data Services instead?
No

Additional context
None

Thanks!

Deployed the quickstart sample as per the guide. However when trying to create a new patient using the patient.json file content under the tests folder , getting the below error

Describe the bug

When using an identity type custom header without an Authorization header, the returned exception is vague and hard to debug.

'System.NullReferenceException: 'Object reference not set to an instance of an object.''

To Reproduce
Steps to reproduce the behavior. If you can include code snippets or links to repositories containing a repro of the issue that can helps us in detecting the scenario it would speed up the resolution.

1. Create a pipeline with headers
2. Add an Identity Custom Header to the pipeline config
3. Feed a HttpRequest without the Authorization header

Expected behavior
There should be an exception thrown that clearly states the Authorization header is missing.

Actual behavior
Exception is thrown without much of a stack and a vague message.

Environment summary
SDK Version: Current
OS Version: Windows 10
Compute Platform: Local ASP.NET

Additional context

Stack Trace not showing details:

 at Azure.Health.DataServices.Clients.Headers.HttpCustomHeaderCollection.AppendAndReplace(HttpRequestMessage request)\r\n   at HeaderInputFilter.<ExecuteAsync>d__12.MoveNext() in Z:\\source\\health-data-services-sdk\\samples\\FeatureSamples\\CustomHeaders\\HeaderInputFilter.cs:line 27

Describe the bug

1. Quick start function example had invalid FHIR Elements in the sample Modified Patient Resource
2. RestBinding uses original request content not modified content from filter context.

Is your feature request related to a problem? Please describe.
Currently working on a SMART on FHIR implementation using the toolkit. For simplicity of use, it would be best for us to pass through the access token from the client to the FHIR Service instead of additional AAD setup for the on-behalf-of flow (which gives us nothing here).

Describe the solution you'd like
I would like the ability to pass through the access token from the request to the REST Binding.

Additional context
Authenticator, rest request builder, and rest binding will all need to be updated.

The filter handler methods are incorrect - they have Channel in them. Also the body parameter of FilterErrorEventArg is ignored.

private void OutputFilter_OnFilterError(object sender, FilterErrorEventArgs e)
        {
            context.IsFatal = true;
            context.StatusCode = e.Code ?? HttpStatusCode.InternalServerError;
            context.Error = e.Error;
            logger?.LogError(e.Error, "Pipeline {Name}-{Id} output filter {ChannelName}-{ChannelId} error.", Name, Id, e.Name, e.Id);
            OnError?.Invoke(this, new PipelineErrorEventArgs(Id, Name, e.Error));
        }

        private void InputFilter_OnFilterError(object sender, FilterErrorEventArgs e)
        {
            context.IsFatal = true;
            context.StatusCode = e.Code ?? HttpStatusCode.InternalServerError;
            context.Error = e.Error;
            logger?.LogError(e.Error, "Pipeline {Name}-{Id} input filter {ChannelName}-{ChannelId} error.", Name, Id, e.Name, e.Id);
            OnError?.Invoke(this, new PipelineErrorEventArgs(Id, Name, e.Error));
        }

While talking to @sordahl-ga, he highlighted that Newtonsoft is slower in comparison to System.Text.Json. We switch over for the performance gains and align with the Microsoft recommendation of using System.Text.Json.

We may need to change Microsoft.AzureHealth.DataServices.Json or delete it altogether to accomplish this.

All azd public templates should have an architecture diagram. The azd product team asked that we add one. I suggest that we add two - one with APIM as the main template and one without.

We also should align the quickstart documentation to the azd samples.

Example here: https://github.com/Azure-Samples/todo-csharp-sql-swa-func

FhirUriPath takes the HTTP method as a string while UpdateFhirRequestUri takes a value from the HttpMethod Enum. Both should be using the HttpMethod Enum.

RestRequestBuilder also takes a string and should take the Enum.

In the Deploy Resources section of the Quickstart Readme, the line "Deploy the needed resources by running: azd provision" should be preceded by an line telling the user to run "az login"; otherwise if the user is not logged in then the "azd provision" command will fail.

Deploy Resources
Clone this repository and open a terminal or command window to this folder samples/Quickstart.
Deploy the needed resources by running: azd provision
This will take about 20 minutes to deploy the FHIR Service.
If you have run this sample in the past, using the same environment name and location will reuse your previous resources.

Describe the bug
When calling the POST /Patient endpoint, the Azure Function is returning the following error regardless of Content-Type specified in the header.

Actual behavior

HTTP/1.1 415 Unsupported Media Type
cache-control: private
content-security-policy: frame-src 'self';
content-type: application/fhir+json; charset=utf-8
date: Thu, 31 Aug 2023 19:33:40 GMT
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
transfer-encoding: chunked
vary: Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 9611f686bf3abb4e8f50b18ade89398c
    
{
    "resourceType": "OperationOutcome",
    "id": "9611f686bf3abb4e8f50b18ade89398c",
    "meta": {
        "lastUpdated": "2023-08-31T19:33:39.9074508+00:00"
    },
    "issue": [{
        "severity": "error",
        "code": "not-supported",
        "diagnostics": "Value supplied for the \"Content-Type\" header is not supported."
    }]
}

Prereq section specifies "azd --version", which should be "azd version"

Prerequisite check
In a terminal or command window, run dotnet --version to check that the .NET SDK is version 6.0 or later.
Run az --version and azd --version to check that you have the appropriate Azure command-line tools installed.

Describe the bug
When following the getting started section, running azd init --template Azure-Samples/azure-health-data-services-toolkit-fhir-function-quickstart fails because that repo no longer exists.

To Reproduce
see description

Expected behavior
azd init command should complete successfully and create my new local project.

Actual behavior
fails with:

ERROR: init from template repository: fetching template: failed to clone...
remote: Repository not found.

The built in RestBinding asks for a new access token for every request. This is not performant and is a blocker to any production scale workload with this toolkit.

Moreover, the RestBinding creates a new HttpClient for every request which has some performance concerns.

For better performance of the client, I would recommend:

• Using a singleton HttpClient vs creating one for every request. (see here).
  • The Azure Sdk also uses singleton clients for their services. Check out the Azure Client Factory and this

For better performance for token use, I could recommend code to cache an access token and fetch a new one on failure. Azure KeyVault SDK does a good job at this.

• client
• token handling