Starting with build 102e, CAREWare can authorize an API client using the new Oauth2 API client login feature.

The CAREWare user account needs to have the API Worker flag set under the Provider User Manager.

Users need to configure the Oauth2 settings in CAREWare under

Administrative Options > Advanced Security Options > Oauth2 API Client Login Settings

Check the Enabled field to enable Oauth2 logins.

The Audience field is set to the value that appears in the "aud" claim of a valid Oauth2 access token.

The Issuer field is set to the value that appears in the "iss" claim of a valid Oauth2 access token.

The Discovery Endpoint field is set to the URL of the Oauth2 server's discovery endpoint. This endpoint returns a JSON object containing the URL of the Oauth2 server's public JSON Web Keyset under the key "jwks_uri". This keyset is used to verify the signature of the incoming access token when logging in.

Here is an example VB project that demonstrates how to use Azure AD to acquire an access token, then send it to CAREWare in exchange for a CAREWare session.