Exploring the Dexcom API
Someone I know is using the Dexcom G6 CGM device (CGM = Continuous Glucose Monitoring). It is a pretty amazing device. It takes a glucose measurement every 5 min without requiring you to prick your finger and use strips. I’m told it is life changing for people who have diabetes and I can see why.
A little exploration led me to find their developer portal. I love when companies have a developer.COMPANY.com web site.
As I explored the documentation, I found that Dexcom uses OAuth2 as the protocol to authorize access, so I immediately started looking at ways to integrate it with Auth0.
Auth0 has support for connecting to generic OAuth2 authorization servers. All you need to provide is:
- The login endpoint (where authentication starts).
- The token exchange endpoint.
- An implementation of a function to get a user profile (or a user_id at minimum).
- Optional headers & scope.
Dexcom doesn’t have a user profile endpoint, but luckily, the accessToken that results from a successful login is actually a JWT, and decoding it is super easy. Among other things we can extract the sub property which identifies a user uniquely.
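function(accessToken, ctx, cb) {
  // jwt-decode only parses the token payload; it does not verify the signature.
  const token = require("jwt-decode")(accessToken);
  // The sub claim uniquely identifies the Dexcom user.
  const profile = {
    id: token.sub,
  };
  cb(null, profile);
}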
This creates a unique User in Auth0. The accessToken is securely stored in the user profile. Dexcom also supports requesting offline_access as the scope, which results in both an accessToken and a refresh_token being issued.
Your system can then use the Auth0 Management API to retrieve these values and call the Dexcom API to access all sorts of interesting information.
To retrieve sensitive information from the user profile (like the IdP access_token), you need the scope read:user_idp_tokens.
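The profile script earlier in this post relies on jwt-decode, which only base64url-decodes the token payload and does not check the signature. As an added example (not the author's or Auth0's code), here is a dependency-free variant for Node.js that rejects a malformed token, a missing sub, or an expired exp before building the profile. The function names, the exp check and the sample token are assumptions made for illustration.

```javascript
// Decode the payload segment of a JWT. Like jwt-decode, this does NOT verify
// the signature: the claims are only as trustworthy as the channel the token
// arrived on (here, the token endpoint response).
function decodeJwtPayload(jwt) {
  if (typeof jwt !== "string") throw new Error("token is not a string");
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("token is not a three-part JWT");
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch (e) {
    throw new Error("JWT payload is not valid base64url JSON");
  }
  if (claims === null || typeof claims !== "object" || Array.isArray(claims)) {
    throw new Error("JWT payload is not a JSON object");
  }
  return claims;
}

// Same (accessToken, ctx, cb) signature as the profile script in the post.
function fetchUserProfile(accessToken, ctx, cb) {
  let claims;
  try {
    claims = decodeJwtPayload(accessToken);
  } catch (err) {
    return cb(err);
  }
  // Refuse to create a user without a stable identifier.
  if (typeof claims.sub !== "string" || claims.sub.length === 0) {
    return cb(new Error("access token has no usable sub claim"));
  }
  // Reject tokens that are already expired (exp is seconds since the epoch).
  if (typeof claims.exp === "number" && claims.exp * 1000 <= Date.now()) {
    return cb(new Error("access token is expired"));
  }
  cb(null, { id: claims.sub });
}

// Constructed sample token: made-up claims and a dummy signature segment.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "c2lnbmF0dXJl"].join(".");
}

const sample = makeSampleToken({ sub: "constructed-user-0001", exp: 4102444800 });
fetchUserProfile(sample, {}, (err, profile) => console.log(err || profile));
```

Because the signature is never checked, the id is only safe to trust when the token was received directly from the token endpoint, not when it was supplied by a client.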