Getting Started with Cerner

[Sneha]

Hi Guys,

I am trying to build an mobile app. I created a App using cerner code console got the client id. The App type dstu_patient.

I am now trying to do OAuth following the below steps

1. Fetch the metadata using this url :-  https://fhir-ehr.sandboxcerner.com/dstu2/d075cf8b-3261-481d-97e5-ba6c48d3b41f/metadata

2. Get the Authorization url . 

3. Redirect the user to this url. But i am not able to go further and nothing happens. It returns back to redirect url with error access deined and the error code urn:cerner:error:authorization-server:oauth2:grant:unauthorized-client-for-tenant. 

Can anyone guide me through as to what am i missing. 

[Michele Mottini]

Did you register your app in the Cerner sandbox? Are you passing its client id in the redirect url?

  - Michele

  CareEvolution Inc

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-developers+unsub...@googlegroups.com.
To post to this group, send email to cerner-fhir-developers@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/a140c874-b764-4c9a-a4c3-96512599db4f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jenni Syed]

Hi Sneha,

The portal (and sandbox) is mid-upgrade right now to allow patient login. When you select the dstu2_patient reference, you're getting access to our newer patient-facing sandbox, which is in a beta stage right now. If you want to continue with that access, the FHIR server URL you'll use is  https://fhir-myrecord.sandboxcerner.com/dstu2/d075cf8b-3261-481d-97e5-ba6c48d3b41f/

You can use fredrick_smart/Cerner01 to log in as one of our patients for that FHIR server.

I will definitely request to "pardon our dust" since both the environment, the portal, and patient access in general is in-flight right now. :)

Meaning that we still have some issues to work through. For example, the metadata endpoint hasn't been updated to reflect what's available specifically for Patient access right now: Device, Patient, Person, AllergyIntolerance, Condition, and MedicationStatement. We've also seen issues with some filtering and errors we're working through with the underlying environment itself.

~ Jenni

[Jenni Syed]

Correction for server URL:  https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/

[Sneha]

Thanks!

@Michele Mottini  . Yes i registered my app.

@Jenni Thansk for the url .But i am still facing issues . I updated the url tried the OAuth but i get a error:

Below is the url created for OAuth based on the url got from conformance statement by making get request to  https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/metadata

https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?response_type=code&client_id=<xxx>&scope=launch,patient/Observation.read&aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/&redirect_uri=http://localhost/callback

urn.cerner.error.authorization-server.smart-v1-grant-launch.code-required 

I am not clear as to what am i missing . The lauch parameter is optional . Since i am invoking this from mobile app i dont need to provide this parameter to my knowledge.

[Sneha]

Hi,

Thanks the new url helped. I am able to perform OAuth now from browser. but when i try the same from mobile app using cordova i get error Service Unavailable. looking into this issue now .

Not sure why is that happening .

[Sneha]

I think the issue is that when i process the request from mobile app it redirect  me to mobile site with url 

https://m.sandboxcernerhealth.com/oauth/authenticate (remaining part truncated)

Hence i get error.

Can you please help me out ? Thanks

[rom...@medisafe.com]

Hi,

What you did to solve issue with urn:cerner:error:authorization-server:smart-v1:grant:launch:code-required? I'm still stuck on it.

[Sneha]

I just updated the scope value. Initially i defined the scope = launch,patient/Observation.read. I changed it to be scope=launch/patient,patient/Observation.read

[rom...@medisafe.com]

@Shena, Thank you so much. You're genius. 

Just found that it is possible to achieve the same result if remove "launch" from scope.

[Jenni Syed]

This is correct - we don't support the "launch" flow yet for patient (it would need to be launched from somewhere like the patient portal). We do support launch/patient for the Patient login/spec. However, you cannot select that scope within our self registration application yet. 

Once you register an app, if you need the launch/patient workflow for patient-facing apps, you can directly email the group owners here with your client id and we can update the scopes. Note: we still do not support launch/patient for Provider facing apps.

[Sneha]

Jenni,

Could you please help me out with the issue i am facing when i process the oauth request from mobile app it redirect  me to mobile site with url 

https://m.sandboxcernerhealth.com/oauth/authenticate (remaining part truncated)

I get an error Service Unavailable. Any pointers will be helpful

[Jenni Syed]

Hi Sneha,

I've reached out internally for some investigation. We'll update here once it's corrected or we know what might be causing the issue.

~ Jenni

[rom...@medisafe.com]

Sneha, 

if it can help, our temporary solution for that is to use embedded browser with some non-mobile User-Agent header.

[Sneha]

Thank you so much that worked for me!!

[Jenni Syed]

We put in a temporary resolution for the redirect - let me know if you see issues with the mobile redirect still. Eventually, that mobile redirect should not happen.

[James Gomez]

Hi Jenni, Sneha,

I read your topics carefully.
I am gonna develop mobile app for FHIR API integration on cerner.com.
I can't also get Authorization from cerner.com and I am not sure endpoint url.
if you know it, please let me know.
Regards.

my Client Id: 567f8257-584a-464d-b22a-13c99abb31ea

App Type: patient

FHIR Spec: dstu2_patient

Authorized: true

[James Gomez]

this is the request url that I use for getting authorization.
https://fhir-ehr.sandboxcerner.com/dstu2/d075cf8b-3261-481d-97e5-ba6c48d3b41f/metadata
I got response from there.
in the response, I can get followings.

       {

1. • "url":"token",
   • "valueUri":"https://authorization.sandboxcerner.com/tenants/d075cf8b-3261-481d-97e5-ba6c48d3b41f/protocols/oauth2/profiles/smart-v1/token"
   },
2. {
   • "url":"authorize",
   • "valueUri":"https://authorization.sandboxcerner.com/tenants/d075cf8b-3261-481d-97e5-ba6c48d3b41f/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"
   • }
   
   

but I can't open these urls.

it give me following errors message.

I attached the screenshot.

Please let me know how I can get authorization.

[kol.k...@gmail.com]

Hi James,

Based on the log, your application is not sending the client id to the Authorization server.  Can you update your app with the following client id?

my Client Id: 567f8257-584a-464d-b22a-13c99abb31ea

Additionally, if your app is a patient facing app, please use the following URL:

https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca

Thanks,

Kol

[James Gomez]

Hi Kol,
Thanks for your reply.

That client Id: 567f8257-584a-464d-b22a-13c99abb31ea is my app's Client Id.
please let me know how can I update my app.

I will send you my app's info.

App Info

Client Id: 567f8257-584a-464d-b22a-13c99abb31ea

SMART Launch URI: localhost:8000

Redirect URI: localhost:8000

App Type: patient

FHIR Spec: dstu2_patient

Authorized: true

Standard Scopes:

online_access

launch/patient

profile

openid

Patient Scopes:

patient/Patient.read

and as you can see in my app info, current my app is patient facing app.
I tried your URL, but the result is the same.

Please let me know what is my fault.

Thanks.

James.

[Sneha]

James,

Initially using this url  https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/metadata get the auth url & token url

Then redirect the user to auth url passing the required parameter like client id,redirect_uri,scope (you can refer the documentation for this)

The auth url will look like this:-

https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?response_type=code&client_id=<xxx>&scope=launch,patient/Observation.read&aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/&redirect_uri=http://localhost/callback

Instead off <xxx> put your client id 

Please let me know if this helps.

[James Gomez]

Sneha,
Thanks for your help.

as I said before, I am developing ionic mobile app.
I got authorization url portion from metadata such as  https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/patient/authorize

in order to redirect the user to auth url passing the required parameter like client id,redirect_uri,scope, I tried as your auth url format.

but I am getting error message box.
I'll attach my code portion and error message box.

can you help me what is my fault?

[kol.k...@gmail.com]

Hi James,

It looks like your app is running on port 8100 on the http://localhost:8100/ web sever.  But, your redirect that you have is at port 8000?  Also, you may need to include "http://" as your redirect uri.  Perhaps something like this?  http://localhost:8000/ 

[James Gomez]

hi kol,
thanks for your help.
in my app, I set followings.

SMART Launch URI: localhost:8000

Redirect URI: localhost:8000

please let me know why I have to use localhost:8100.

thanks.

James.

[kol.k...@gmail.com]

James,

Can you update your redirect uri to be like this in your code?  http://localhost:8000/

I already updated the value on the Authorization server side to include http:// and the trailing slash.

[Jenni Syed]

In addition to the update Kol mentioned above, the application is currently asking for launch/patient and patient/Observation.read during the authorization flow. The original setup didn't request access to read Observation, but did request access to read Patient. If the app will be reading the Patient resource, you'll want to update it to also request the patient/Patient.read scope during authorization. If it will be reading Observation, we'll need to add the patient/Observation.read to the scopes the application has access to.

~ Jenni

[kol.k...@gmail.com]

James,

Is the app getting redirected to the login page at https://sandboxcernerhealth.com/oauth/authenticate?  If not, there may be an error. 

Please update your scope in your app to include the following scopes:

launch/patient,patient/Patient.read

Like Jenni mentioned, when you registered your app with the Code Console, you did not specify patient/Observation.read as the scope but your code is sending in patient/Observation.read.

[James Gomez]

Thanks,

I updated my scope in my app to include launch/patient, patient/Patient.read.
and my app is redirecting now.

Navigated to https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-506…e6-4c26-a91c-5069cbc6b1ca%2F&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2F

Navigated to https://sandboxcernerhealth.com/oauth/authenticate?redirect_uri=https%3A%2F…Fsso%2Fresponse&sign_in_only=on&client_id=f8d7e664fc5744cab960c632a5a7a5d3

James.

:)

[James Gomez]

Hi Jenni, kol, 

my app is redirecting to the https://sandboxcernerhealth.com/oauth/authenticate?redirect_uri=https%3A%2F%2Fsandboxcernerhealth.com%2Fsaml%2Fsso%2Fresponse&sign_in_only=on&client_id=f8d7e664fc5744cab960c632a5a7a5d3

but I am not sure the method to get authorization_code right now.
I am gonna get access_token using authorization_code.

please let me know the method to get authorization_code.

Thanks.

James.

[Jenni Syed]

James,

Did you log into the log in window?

You can read more on SMART and OAuth here, including the steps that have to happen and example requests: http://fhir.cerner.com/dstu2/authorization/

Once you login, it will redirect back to the application with an authorization code. Your application will exchange that authorization code for a token at the token endpoint.

~ Jenni

[James Gomez]

Hi Jenni,

Thanks for your help.

I am getting following redirecting url.

https://m.sandboxcernerhealth.com/oauth/authenticate?redirect_uri=https%3A%2F%2Fsandboxcernerhealth.com%2Fsaml%2Fsso%2Fresponse&sign_in_only=on&client_id=f8d7e664fc5744cab960c632a5a7a5d3

I have a CernerCare.com account.
but I can't log into the window with this account.

what kind of account do I have to use?
please let me know about that.

thanks.

James. 

[James Gomez]

I attached the screenshot of my login error about redirect url.

please check it and let me know what is my fault.
thanks.

James.

[Michele Mottini]

Try one of

joe_smart/Cerner01

timmy_smart/Cerner01 wilma_smart/Cerner01 fredrick_smart/Cerner01

- Michele

CareEvolution Inc

[James Gomez]

Thanks Michele,

login is successful.

I need authorization code to get access token.

grant_type=authorization_code&code={AUTHORIZATION_CODE}&client_id={YOUR_CLIENT_ID}&redirect_uri={YOUR CALLBACK URI, IF PROVIDED}

but, I can't find authorization code right now.
where I can see the authorization code?

thanks.

James.

[Michele Mottini]

The Cerner login page redirect back to the redirect URL you provided, and puts the authorization code in a 'code' query parameter of the redirect.

See the 'Smart authorization sequence' diagram at http://docs.smarthealthit.org/authorization/ or also https://tools.ietf.org/html/rfc6749#section-4.1.2

  - Michele

  CareEvolutuion Inc

[James Gomez]

okay,

I got this redirected url with authorization code.

http://localhost:8000/?code=76cea731-b6db-45e1-8c72-cec76cfbcb4c

thanks for your help.

James.

[James Gomez]

Hi,
I got access token now.
Now I am gonna get patient data.

but I haven't any patient id for testing.

please let me know how I should test this.

thanks.

James

[Michele Mottini]

If your app is a patient one you can use a launch/patient scope, you will get a patient ID in the token response (in the 'pratient' field). You have to ask Cerner to enable launch/patient for your app because it is not possible (yet) to do that from the self-service registration

If your app is a provider one do a patient search (by name) to find a patient. 

  - Michele

   CareEvolution Inc

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-developers+unsub...@googlegroups.com.
To post to this group, send email to cerner-fhir-developers@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/72b2c37e-708b-4abb-a4b5-fd0be5f1687f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[James Gomez]

Hi Michele,

thanks for your reply.

my app is a patient one and I am using secret sandbox.

my app use a launch/patient scope.

I am following this tutorial. http://fhir.cerner.com/dstu2/authorization/

so I got authorization code, access token, but I didn't find patient ID and I am not sure API endpoint for finding patient data.

let me know how should I do now.

thanks.

James.

To post to this group, send email to cerner-fhir...@googlegroups.com.

[Michele Mottini]

The patient ID is in the 'patient' field of the token response. If you do not have it maybe launch/patient is not enabled for your app (someone at Cerner has to do that) or the user you are logging in as in Cerner does not have an associated patient - try joe_smart / Cerner01

  - Michele

  CareEvolution Inc

[James Gomez]

Hi Michele,
Thanks for your help.

I got patient ID in token response.

and I got patient data successfully.

thanks.

James.

[Sneha]

Hi ,

I am trying to fetch there fresh token as specified in the document. I get an error 

{"error":"invalid_grant","error_uri":"https://authorization.sandboxcerner.com/errors/urn.cerner.error.Aauthorization-server.oauth2.token.refresh-token-invalid/instances/1225a4ca-f140-4c8c-a1bb-72853d55b8e3?tenant=0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca"}

Any pointers ?

[Jenni Syed]

Sneha,

How long did you wait to refresh? The refresh token is good for the patient "session" - which in this environment is 20 minutes for patient-facing applications, since there is no activity coming from their Portal.

~ Jenni

[Sneha]

I tried it after my access token expired.

[James Gomez]

Hi Sneha,

after the access token expired, I got access token again using refresh token.
I think this code will help you.

$http({

            method: "POST", 

            url: $rootScope.token_url, 

            data: "&grant_type=refresh_token" + "&refresh_token=" + $rootScope.refreshToken })

            .success(function(data) {

                accessToken_r = data.access_token;//access token from refresh token

                $rootScope.accessToken = accessToken_r;

            })

            .error(function(data, status){

                console.log("error: ", data);

            });

[Sneha]

James,

Thanks will try this out.

[Sneha]

Hi,

When i call DiagnosticReport Endpoint i am getting status 403(Forbidden) and Condition,Observation Endpoints are throwing Internal server error.

Any idea?

[Mark Gidman]

Make sure you have patient/DiagnosticReport.read as a requested scope.  Also, if you plan to grab the binary items that are referenced in the reports you'll need patient/Binary.read as well.

As for Condition/Observation - is this something you see all the time or just sporadically?  If all the time then there might be an underlying permissions issue with the user's credentials.  If it's just sporadic, then it's normal.  :)

[Michele Mottini]

Are you using the patient end point? Some resources are not available for that end point - and attempts to access them results in error 500 (not 100% with resources are supported by the patient end point though)

  - Michele

  CareEvolution Inc

[Jenni Syed]

I've posted the patient access details out to the pinned test patient discussion: https://groups.google.com/d/msg/cerner-fhir-developers/edPUbVPIag0/oI_kc6wlEAAJ

Michele is correct - Condition, DiagnosticReport, and Observations are not available for patient access yet.

[Sneha]

I am trying to post AllergyTolerance data. But i get 404 error. The app has all the Permission given. Can we currently insert data using the api?

[Sneha]

Hi,

I am not sure a what am i doing wrong when i try to fetch the patient details i get 403 error

Below is the url

https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Patient/4478007

I pass the access token which i get from oauth in header. Not sure where i am going wrong .

Also i still could not figure out when i try to make POST request AllergyIntolerance end point i still get 404.

Any help would be appreciated. Thanks! 

[Michele Mottini]

I am not sure a what am i doing wrong when i try to fetch the patient details i get 403 error

Below is the url

https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Patient/4478007

Is 4478007 the id of the patient you got when you logged in? 

Also i still could not figure out when i try to make POST request AllergyIntolerance end point i still get 404.

Maybe the patient end point does not support POSTing resources? Not sure

Can you show us the details of your  call? (URL, headers, body) 

  - Michele

  CareEvolution Inc

[Sneha]

Is 4478007 the id of the patient you got when you logged in?

Yes this is the patient Id.

Below are the details of of the POST request:-

Payload

{"resourceType":"AllergyIntolerance","category":"","criticality":"CRITH","status":"active","recordedDate":"2016-08-31T13:51:51.000-05:00","type":"allergy","patient":{"reference":"Patient/4478007"},"reporter":{"reference":"Patient/4478007"},"onset":"1961","reaction":[{"id":"5955735","manifestation":[{"coding":[{"system":"http://snomed.info/sct","code":"247472004","display":"Weal (disorder)","userSelected":false}],"text":"Hives"}]}],"substance":{"coding":[{"system":"http://snomed.info/sct","code":"227146005","display":"Shellfish - dietary (substance)","userSelected":false}],"text":"Shellfish"}}


I am getting 404 error. Not found

[Michele Mottini]

The request looks good to me, sorry, no idea

  - Michele

  CareEvolution Inc

[Jenni Syed]

Sneha,

Michele's initial guess about Patient access not allowing write is correct. We currently don't have any of the writes available for a patient to contribute directly back to their chart.

~ Jenni

[Bipin Vayalu]

Hi,

I am also building a standalone - Patient facing app using Cerner sandbox. I have followed all the steps and got access token as well (but without refresh_token in response). But I am trying to GET patient details, I am only receiving 403 - Forbidden error each time. Please find the requests and other apps details.

App Id: 695bc44f-3db8-4f38-bb6a-bff859b738a6

Redirect URI: http://localhost/callback

Authorise Patient (wilma_smart/Cerner01):

https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?response_type=code&client_id=<CLIENT-ID>&scope=launch/patient,patient/Observation.read&aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/&state=1234567890&redirect_uri=http://localhost/callback

Get a code like this:

http://localhost/callback?code=d423b728-27c2-46bb-8f2c-20aacba0c732&state=1234567890

To get Access-Token:

https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token?grant_type=authorization_code&client_id=<CLIENT-ID>&code=d423b728-27c2-46bb-8f2c-20aacba0c732&state=695bc44f-3db8-4f38-bb6a-bff859b738a6&redirect_uri=http://localhost/callback

Response:

{

"access_token":"eyJraWQiOiIyMDE5LTExLTE5VDAyOjIyOjE0L..."

"patient": "4342008",

"scope": "launch/patient patient/Observation.read",

"token_type": "Bearer",

"expires_in": 570

}

Trying to get Patient details using Postman:

GET https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Patient/4342008

Headers:

Authorization: Bearer <Access-Token>

Accept: application/json

Content-Type: application/json+fhir;charset=utf-8

Always getting 403 Forbidden in status.

Please help to figure out this issue.

[Michele Mottini]

You have to request the patient/Patient.read scope

  - Michele

  CareEvolution Inc

[Bipin Vayalu]

Yup, It worked after updating scope with patient/Patient.read. Thanks Michele. Here, I have 3 more queries:

1) Why I am unable to receive refresh_token inside "/token" API response? (As mentioned details in the previous message)

2) On Allow screen after successful login, There is one Note: "You will be allowing access for 10 minutes.". What does this mean?

3) Is Cerner secure API support R4 version of FHIR?  Because of this URL (https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Patient/4342008) is having "dstu2" version support. Tried to update it to "r4" but not working. 

I hope i have provided all the required details here. Looking forward to hearing from you.

Thanks in advance.

[Michele Mottini]

1) Why I am unable to receive refresh_token inside "/token" API response? (As mentioned details in the previous message)

I think because the app is a public client - without a client secret

 

2) On Allow screen after successful login, There is one Note: "You will be allowing access for 10 minutes.". What does this mean?

It means that the access token expires in 10 minutes

 

3) Is Cerner secure API support R4 version of FHIR?  Because of this URL (https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-

Yes, it is supported - but not the same set of resources. See https://fhir.cerner.com/millennium/r4 for documentation and end points

  - Michele 

  CareEvolution Inc

[Bipin Vayalu]

Great thanks for the response.

> I think because the app is a public client - without a client secret

How do I make it private and get client secret? Is it something supported by Cerner Sandbox?

[Jenni Syed (Cerner)]

Hi,

In order for your application to have access for longer than 10 minutes (get a refresh token), you would have to request either the online_access (access to data while the patient is signed in) or offline_access (access to data while patient is not signed in). The offline_access scope is the only one requiring a secret. All of this as well as registration instructions if your application will be doing offline access is documented on our authorization page: http://fhir.cerner.com/authorization/

For R4, there is currently no patient access API available, and it is not certified for the promoting interoperability APIs. If you are accessing on behalf of a patient, DSTU 2 is the option you'll need to use for now.

Regards,

Jenni (Cerner)

[Bipin Vayalu]

Hi,

Thanks Jenni,

online_access scope helped me to get refresh_token in response. Now I am looking into update Patient details like want to add alternate email id and add a new resource for existing patient. 

I have tried by adding by "patient/Patient.write" new scope for writing. But I am not sure does Cerner allow to write Patient data? Because I can't see write scopes in the app details page.

App Id: 695bc44f-3db8-4f38-bb6a-bff859b738a6

looking forward to hearing from you.

Thanks,

Bipin Vayalu

[Michele Mottini]

Did you have a look at the documentation?

  - Michele

 CareEvolution Inc

[Bipin Vayalu]

Hi Michele,

Thanks for quick response, I have gone through that document found that there is "Authorization Types are Practitioner | System" only, No Patient type available. So, what I understood here is "Patient facing app can't create/update patient general or any resource". If this is correct then I think there is no way to create/update Patient details from any kind of Patient facing app. 

I hope my understanding is correct so far.

Thanks 

[Jorge Rivera]

Hello

I've been trying to use the instructions left in this thread to get the access token, I'm currently getting a readable stream as response, I've tried to turn this readable stream into a json object to get the data but all I get is another readable stream.

I've copied the example-smart-app github repository into my github accoint and I've exposed it using github pages, that is what I've been using as callback URI:

https://medinreal.github.io/example-smart-app/

I've been using fetch javascript function using this URL:

https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?response_type=code&client_id=<CLIENT-ID>&scope=launch/patient,patient/Observation.read&aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/&state=1234567890&redirect_uri=https://medinreal.github.io/example-smart-app

Am I doing something wrong here?

-Jorge

On Thursday, November 24, 2016 at 3:59:50 AM UTC-6, Sneha wrote:

Hi Guys,

I am trying to build an mobile app. I created a App using cerner code console got the client id. The App type dstu_patient.

I am now trying to do OAuth following the below steps

1. Fetch the metadata using this url :-  https://fhir-ehr.sandboxcerner.com/dstu2/d075cf8b-3261-481d-97e5-ba6c48d3b41f/metadata

2. Get the Authorization url . 

3. Redirect the user to this url. But i am not able to go further and nothing happens. It returns back to redirect url with error access deined and the error code urn:cerner:error:authorization-server:oauth2:grant:unauthorized-client-for-tenant. 

Can anyone guide me through as to what am i missing. 

[Benjamin Eichhorn (Cerner)]

Hi Jorge,

For better visibility could you open up a new thread? It'll help use answer your questions easier and keep each thread topical.

Thanks,

Ben (Cerner)