The project was part of a key initiative to expedite the modernization of a private company’s suite of websites and mobile applications. Keyhole was tasked with building and implementing a cross-platform mobile application using React Native.
The mobile application was to be used on both iOS and Android devices in such a way that users thought it was a “native” application. Another component included partnering with third parties, working to integrate them securely into the application, and interfacing with other internal applications.
Client and Application Overview
The client is a large, nonprofit, integrated healthcare network home to more than 20 hospitals and 700 outpatient facilities located on the east coast of the United States.
The purpose of this application was to help patients book their appointments, fill out and view their patient-specific forms, and have all of their health-related data stored in one place. As with all applications that transmit and receive personally identifiable information (PII), the application needed to be HIPAA-compliant, secure, and well-architected.
- React Native was used to develop the mobile application for both iOS and Android
- Its associated web application was built in Drupal with Node on the back-end
- React was used for parts of the website including the dashboard
- Redux, Native-Base, Storybook, and React Navigation
- Gigya for identity management and authentication
- Microsoft Azure, GraphQL, Azure DevOps, hapi, Sequelize, and Bunyan
- Testing tools included React Native Debugger, iOS Simulator, Android Emulator, Visual Studio Code, Jest, and Sublime Text
- Atlassian Confluence, CA Agile Central/Rally
Main Development Tasks
The Keyhole team worked to architect and develop a feature-rich, green-field React Native mobile application for use on Android and iOS mobile platforms.
From a technical perspective, the React Native mobile application used Redux for state management, React Navigation for routing, Microsoft AppCenter for analytics, Storybook for viewing components including common components, Font Awesome for icon support, and Azure DevOps Pipelines for builds.
The application began using Native-Base for component support, but it was deemed too unstable and inconsistent across platforms and did not support all the properties needed, like accessibility. Therefore, it was deprecated and is in the process of being removed.
Gigya was used for identity management, authentication, and authorization by making direct calls to its libraries. The application is tightly integrated with Gigya’s native libraries on Android and iOS. Keyhole performed a several-month-long upgrade/rewrite of the integration due to Gigya releasing re-architected libraries for both Android and iOS (written in Swift). A UX team used Figma to design new screens and components. The developers then took those designs and turned them into React Native implementations for the mobile application.
The team also worked on the app’s messaging system and successfully added messages alerting users of incomplete forms. They also worked to add messages related to the users’ profiles. With their enhancements, the application now generates and sends different messages according to the logic they created. The team was able to accomplish this by adding and modifying message components to the message bus that handled sending.
Integration and Third-Party Requests
The team implemented Security Assertion Markup Language (SAML) for incoming requests from third parties. SAML is an open, XML-based standard for exchanging authentication and authorization data between parties. The team discovered that this was a rather complex standard, and the implementation was tricky because Gigya was used for identification. Keyhole also implemented outbound SAML to third parties.
For integration, simple HTTPS web calls were used in addition to Azure queues. Many internal systems are used along with Cerner’s Soarian, Gigya, and Docent Health. HIPAA is followed in all communications, data storage, and logging.
Additionally, Keyhole consultants helped to extend a Node.js server that functions as an integration platform between many other services that the client had implemented.
This server runs in Microsoft Azure and takes advantage of the queuing support that Azure provides. It uses hapi for routing, Sequelize for database integration, GraphQL for data mapping, and Bunyan for logging support. Keyhole implemented one of the hapi security methods that allows for system-to-system calls, including token-based authentication and AES256 encryption.
The team utilized an agile methodology. Tasks were estimated and assigned during sprint planning. Keyhole consultants utilized Atlassian products, including Confluence and Bitbucket. Bitbucket has since been replaced with Azure DevOps Repos. The team also used CA Agile Central (formerly called Rally) for story tracking.
Keyhole worked with client architects to design new features, diagram workflows, implement the features, test, and deploy. The project team was integrated with external consultants and client employees. There was constant knowledge transfer back and forth between all developers as the integrated team worked to improve the React Native development methodology. Often this occurred in the form of Developer Guild meetings initiated by Keyhole.