Getting 403 forbidden error. Unable to proceed further


booma Radhakrishnan

Jun 2, 2021, 8:01:36 AM
to Cerner FHIR Developers
Trying to post data with Cerner EHR using Observation resource

Client Id: f921ac95-a6bf-4d3f-bc0e-e0d998c67998
App Id: 4de0778e-3dec-4f23-a628-cdd30d292c68
SMART Launch URI: https://fhirIntro.rajamanir.repl.co/launch.html
Redirect URI: https://fhirIntro.rajamanir.repl.co/app.html

Response {type: "cors", url: "https://fhir-myrecord.cerner.com/dstu2/ec2458f2-1e24-41c8-b71b-0e701af7583d/Observation", redirected: false, status: 403, ok: false, …}
  body: (...)
  bodyUsed: false
  headers: Headers {}
  ok: false
  redirected: false
  status: 403
  statusText: "Forbidden"
  type: "cors"
  url: "https://fhir-myrecord.cerner.com/dstu2/ec2458f2-1e24-41c8-b71b-0e701af7583d/Observation"
  __proto__: Response



Request URL:
Request Method: POST
Status Code: 403 Forbidden
Remote Address:
Referrer Policy: strict-origin-when-cross-origin

Response Headers
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: WWW-Authenticate, X-Request-Id
Connection: keep-alive
Content-Length: 207
Content-Type: application/json+fhir
Date: Wed, 02 Jun 2021 11:42:50 GMT
Via:
WWW-Authenticate: Bearer realm="fhir-myrecord.cerner.com", error="insufficient_scope"
X-Amz-Cf-Id: P6xjbFPGUjZCaj4-Rv8ozV7ekWF2ZCQkieMAp4vqWPP-aAi8JcuYuA==
X-Amz-Cf-Pop: BOM51-C1
X-Cache: Error from cloudfront
X-Request-Id: 47d451d9-b0b2-4d05-9130-ce0eae9148b5

Request Headers
Accept: application/json+fhir
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: Bearer eyJraWQiOiIyMDIxLTA2LTAxVDAzOjQwOjU2Ljg1OC5lYyIsInR5cCI6IkpXVCIsImFsZyI6IkVTMjU2In0.….lVMQG95QfCCPIxOolR-JjOLPS512Zzamh_cLMva0-k2p4B7QnYV09qrSQMxbKYSlP17nf3opS1Wyd-FiB_PeRw
Connection: keep-alive
Content-Length: 788
Content-Type: application/fhir+json; charset=utf-8
Host:
Origin:
Referer:
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36

Request Payload
{resourceType: "Observation",…}
  item: [{linkId: "1", type: "boolean",…}, {linkId: "2", type: "boolean",…}, {linkId: "3", type: "boolean",…},…]
  resourceType: "Observation"

Regards
Radhakrishnan

Fenil Desani (Cerner)

Jun 2, 2021, 1:50:34 PM
to Cerner FHIR Developers
Hello,

Your App does not have Observation.write scope in the token.
Also, to note, it seems you are using a Patient App to create Observations which is not supported as of today. Only a Provider or System App can create Observations - 

Thanks,
Fenil (Cerner)
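
Added example, not part of the original thread and not Cerner's code: a small JavaScript helper that reads the WWW-Authenticate challenge from a 403 like the one above and compares the scopes the token was actually granted against the scope the request needs. It assumes the granted scopes are available as the space-separated scope string from the token response and that scopes follow the SMART v1 pattern (context/Resource.action, with * as a wildcard); the function names and the sample scope string are constructed for illustration.

```javascript
// Added example: explain a 403 from a FHIR server using the RFC 6750 challenge
// and the scopes the token was granted. Sample values below are constructed.
function parseBearerChallenge(header) {
  const m = /^\s*Bearer\s+(.*)$/i.exec(header || "");
  if (!m) return null; // not a Bearer challenge
  const params = {};
  const re = /([a-z_]+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/gi;
  let p;
  while ((p = re.exec(m[1])) !== null) {
    params[p[1].toLowerCase()] = p[2] !== undefined ? p[2] : p[3];
  }
  return params;
}

// SMART v1 scope syntax: (patient|user|system)/(ResourceType|*).(read|write|*)
function grantsFor(grantedScope, resource, action) {
  const hits = [];
  for (const s of (grantedScope || "").split(/\s+/).filter(Boolean)) {
    const m = /^(patient|user|system)\/([A-Za-z]+|\*)\.(read|write|\*)$/.exec(s);
    if (!m) continue; // launch, openid, ... or a malformed entry such as ".writer"
    if ((m[2] === resource || m[2] === "*") && (m[3] === action || m[3] === "*")) {
      hits.push(s);
    }
  }
  return hits;
}

// Reports whether the 403 is a scope problem and which granted scopes (if any)
// would cover the attempted interaction.
function explain403(status, wwwAuthenticate, grantedScope, resource, action) {
  const challenge = parseBearerChallenge(wwwAuthenticate);
  if (status !== 403 || !challenge || challenge.error !== "insufficient_scope") {
    return { scopeProblem: false, matching: [] };
  }
  const matching = grantsFor(grantedScope, resource, action);
  return { scopeProblem: true, realm: challenge.realm, matching,
           needed: matching.length === 0 ? `${resource}.${action}` : null };
}

// Constructed sample: a token response scope string without any write scope.
const sampleGranted = "launch openid profile patient/Observation.read patient/Patient.read";
const sampleHeader = 'Bearer realm="fhir-myrecord.cerner.com", error="insufficient_scope"';
console.log(explain403(403, sampleHeader, sampleGranted, "Observation", "write"));
```

Because the response lists WWW-Authenticate in Access-Control-Expose-Headers, a browser app can read the challenge with response.headers.get("WWW-Authenticate") and pass it to explain403.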

booma radhakrishnan

Jun 3, 2021, 4:42:45 AM
to Cerner FHIR Developers
Hi Fenil,

I am trying to post the data from the Cerner sandbox as


App Info

Client Id: f921ac95-a6bf-4d3f-bc0e-e0d998c67998
App Id: 4de0778e-3dec-4f23-a628-cdd30d292c68
SMART Launch URI: https://fhirIntro.rajamanir.repl.co/launch.html
Redirect URI: https://fhirIntro.rajamanir.repl.co/app.html


App Type: provider
Client Type: public
FHIR Spec: r4 - "https://fhir-ehr-code.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d"
Authorized: true


Standard Scopes:

launch
profile
fhirUser
openid
online_access


Patient Scopes:

patient/Observation.read
patient/Patient.read
patient/Questionnaire.read
patient/QuestionnaireResponse.read
patient/Observation.writer
patient/Patient.write
patient/QuestionnaireResponse.write


User Scopes:

user/Observation.read
user/Patient.read
user/Questionnaire.read
user/QuestionnaireResponse.read
user/Observation.write
user/Patient.write
user/QuestionnaireResponse.write



Getting below error

WWW-Authenticate: Bearer realm="fhir-ehr-code.cerner.com", error="insufficient_scope"


Request Method: POST
Status Code: 403 Forbidden
Remote Address: 13.227.166.24:443
Referrer Policy: strict-origin-when-cross-origin

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: WWW-Authenticate, X-Request-Id
Connection: keep-alive
Content-Length: 209
Content-Type: application/fhir+json
Date: Thu, 03 Jun 2021 08:30:54 GMT
Via: 1.1 3a498ddae17e6d4d7246d2a83111572b.cloudfront.net (CloudFront)

booma radhakrishnan

Jun 3, 2021, 11:24:43 AM
to cerner-fhir...@googlegroups.com
Hi Fenil,

I am doing an EHR launch from the sandbox and getting a 404 error


App Info

Client Id: f921ac95-a6bf-4d3f-bc0e-e0d998c67998
App Id: 4de0778e-3dec-4f23-a628-cdd30d292c68
SMART Launch URI: https://fhirIntro.rajamanir.repl.co/launch.html
Redirect URI: https://fhirIntro.rajamanir.repl.co/app.html

App Type: provider
Client Type: public
FHIR Spec: r4 - "https://fhir-ehr-code.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d"
Authorized: true

Standard Scopes:

launch
profile
fhirUser
openid
online_access

Patient Scopes:

patient/Observation.read
patient/Patient.read
patient/Questionnaire.read
patient/QuestionnaireResponse.read
patient/Observation.write
patient/Patient.write
patient/QuestionnaireResponse.write


Is there anything I am missing? Please provide suggestions.


Fenil Desani (Cerner)

Jun 4, 2021, 10:44:09 AM
to Cerner FHIR Developers
You either need to use user scopes for requests without launch param or use a patient Persona App.