400 error accessing app after an inactivity of more than 30 minutes

32 views

Skip to first unread message

tri...@cura.tech

unread,

Sep 22, 2017, 4:02:06 AM9/22/17

to Cerner FHIR Developers

We are facing an issue when a token refresh request is sent we get 400 error response. I believe this is occurring cause the refresh token itself has expired..

URL: https://authorization.sandboxcerner.com/tenants/****/protocols/oauth2/profiles/smart-v1/token

Request Body:

{"grant_type":"refresh_token", "refresh_token": "****", "client_id":"****”}

Cerner-Correlation-ID: 31ee1c3c-9266-4f48-85bb-3c5670dd35c1

Response :

{"error":"invalid_grant","error_uri":"https://authorization.sandboxcerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Arefresh-token-session-invalid/instances/3799b439-9177-4a1b-8b58-e652fb9a3506?client=****&tenant=****”}

This issue is persistently coming and for me to get out of this state, I had clear my local cookies and start a new session. How do we handle this scenario where there is a refresh token and even that token has expired? How do I know that the refresh token itself has expired?

Thanks

Trinadh..

Jenni Syed (Cerner)

unread,

Sep 22, 2017, 1:01:59 PM9/22/17

to Cerner FHIR Developers

Trinadh,

The refresh token for provider online_access is only good for as long as the practitioner is signed in and active in PowerChart. You must get a new token/refresh token with each new session/launch of the application.