system scopes wildcards

[Pavel S]

Hello

I had set up a system only with one scope system/DocumentReference.read. This works, but when I try to do system/*.* this does not work I get an error. I was under impression that this action should return what scopes I am allowed to request based on what I chose in my system app and still return me a token. Is my understanding correct here? I feel like I am missing something.

[Benjamin Eichhorn (Cerner)]

Hi,

Under the "Supported Scopes" header on fhir.cerner.com[1] please note we do not support wildcard scopes at this time.

[1] https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-user

Thank you,
Ben (Cerner)

[Pavel S]

Thank you for your response Benajmin. Another question that is semi related, is there an api that will return supported scopes so that we can use that list to make auth request?

[Benjamin Eichhorn (Cerner)]

You can utilize the either metadata endpoint, the Conformance (for DSTU2) and CapabilityStatement (R4) resources, to extract the currently supported resources and their interactions with the resource type being the resource name and the interactions indicating whether they support a "read" or "write" action (you would need to translate this yourself however to .write or .read). Or you can utilize the .well-known/smart-configuration endpoint (R4 only). More details are listed fhir.cerner.com: https://fhir.cerner.com/millennium/r4/conformance/capability-statement/

Thanks,
Ben (Cerner)

[Pavel S]

Thank you Benjamin. These end points respond with what is supported by Cerner but not what my system app has access to. Is there an api that will list what my system app has access to?

[Fenil Desani (Cerner)]

Your App should have access to all the scopes you selected during App registration on code Console