authorization api not giving access token for resource type ‘DiagnosticReport.read’ in production

39 views
Skip to first unread message

nadi...@gmail.com

unread,
Sep 24, 2018, 2:21:52 PM9/24/18
to Cerner FHIR Developers
I am trying to access diagnostic report api in prod.
I am trying to get access token using auth api-
https://authorization.cerner.com/tenants/{my tenant id}/protocols/oauth2/profiles/smart-v1/token?......scope=system/Patient.read%20system/Patient.write%20system/Contract.read%20system/Contract.write%20system/RelatedPerson.read%20system/RelatedPerson.write%20system/Appointment.read%20system/DiagnosticReport.read

In response- I am not getting access token for resource type ‘DiagnosticReport.read’ 

APi response below has everything i requested but missing resource type ‘DiagnosticReport.read’

{

    "access_token": "<token>",

    "scope": "system/Patient.read system/Patient.write system/Contract.read system/RelatedPerson.read system/RelatedPerson.write",

    "token_type": "Bearer",

    "expires_in": 570

}



It works fine in sandbox.


any help will be highly appreciated.

Regards,

Nadim Zafar

Adventist health system


Jenni Syed (Cerner)

unread,
Sep 25, 2018, 9:07:14 AM9/25/18
to Cerner FHIR Developers
Hi Nadim,

Can you provide a correlation id or x-request-id of one of your requests (returned in headers for all calls to the auth server or FHIR server)? This will help us track down the call stack to confirm the app and configuration.

Thanks,
Jenni

nadim zafar

unread,
Sep 25, 2018, 9:19:24 AM9/25/18
to cerner-fhir...@googlegroups.com
sure.
Cerner-Correlation-ID →9c6c3fbb-bf77-4bc1-af26-45322925dd1c
Thanks Syed.

Regards,
Nadim

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-devel...@googlegroups.com.
To post to this group, send email to cerner-fhir...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/b3ac271b-87d8-4d99-b1da-533248a00d05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenni Syed (Cerner)

unread,
Sep 26, 2018, 2:21:52 PM9/26/18
to Cerner FHIR Developers
To summarize: after investigation we noted that the app being used here was authorized for a different set of functionality and scopes, and the scope above wasn't in the list of authorized scopes for the app. In non-production and sandbox, this can be addressed my selecting additional scopes (though you should make sure you have separate apps built for things that are truly separate workflows and use cases/applications). 

In production, this takes a request sent in to update config or onboard another application. 

~ Jenni
Reply all
Reply to author
Forward
0 new messages