scope needed for ServiceRequest FHIR R4?

[Kenton Sallee]

I've tried system/*.read system/Patient.read system/ServiceRequest.read patient/ServiceRequest.read

In the cerner-code console, we added R4 (ALL) to a pre-existing app to extend functionality to R4 and added ServiceRequest.read access (initially it was only doing DSTU2).  This still gives insufficient scope.

We are able to get patient data using the same tenant/client/secret method for Auth token without issue, but getting insufficient scope on any attempt to access ServiceRequest

{

    "resourceType": "OperationOutcome",

    "issue": [

        {

            "severity": "error",

            "code": "forbidden",

            "diagnostics": "Bearer realm=\"fhir-ehr.sandboxcerner.com\", error=\"insufficient_scope\"",

            "expression": [

                "http.Authorization"

            ]

        }

    ]

}

[Fenil Desani (Cerner)]

Hello,

What is the clientId of your Application?

Thanks,
Fenil

[Kenton Sallee]

Sent in DM, thanks!

[Kenton Sallee]

FYI I'm using the basic authentication method with client/secret, I have tested both on our dev and prod Cerner environments with different client/secret/tenants for each, both giving me insufficient scope for ServiceRequest, but patient data comes through without issue (/patient/{id}), I'm hoping it's something I'm doing wrong with scope or initial authentication setup.  I inherited FHIR/Cerner development last week, so I'm very new to this ;).

[Fenil Desani (Cerner)]

Your App does not have ServiceRequest scope registered. Please log a ticket to Cerner to get the scope added!

[Kenton Sallee]

Is that different than in the code console, where ServiceRequests are enabled?  We have a ticket open from last week on this, so hopefully we'll figure out what we're doing wrong.

[Fenil Desani (Cerner)]

The App you see in https://code-console.cerner.com/ is only tied to our public Sandbox/Client PROD domains.