Patient Authorization Request: invalid-client-credentials

[Zane Silver]

I'm unable to exchange the patient code for an authorization.

Correlation ID: 32f3c587-b7c6-45e2-b024-fc81ed9c07fe

App

App Type: Patient

App ID: 113e918d-efd2-4c9f-bad8-8e8d4bfece19

Client ID: b7bc7cde-fe22-4e17-b805-3a90fb73c29b

Request Headers
Type: POST

Authorization: Basic [base64 < b7bc7cde-fe22-4e17-b805-3a90fb73c29b:secret]

Request URL

'https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token?grant_type=authorization_code&code=81c8e618-ff6e-43f2-861b-bd236cf84da0&state=test&client_id=b7bc7cde-fe22-4e17-b805-3a90fb73c29b'

[Aaron McGinn (Oracle Cerner)]

It looks like you're combining the workflows for system authorization and user authorization [1]. The user auth flow won't use the base64 encoded id:secret.

[1] https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-user

-Aaron (Oracle Cerner)

[Zane Silver]

Hi Aaron,

Thanks for the tip! Unfortunately, after updating the request, I'm receiving an "invalid_client" error when trying to "Process the Authorization Grant Response" (link) to receive an access token (using the patient authorization code).

Correlation ID: 3d0393b8-922d-4ed2-961c-39a9e19aedd6

Request

-H 'Accept: application/json' 

-H 'Content-Type: application/x-www-form-urlencoded'

-X POST 'https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token?grant_type=authorization_code&code=81c8e618-ff6e-43f2-861b-bd236cf84da0&state=test&client_id=b7bc7cde-fe22-4e17-b805-3a90fb73c29b'

Response

{
"error": "invalid_client",
"error_uri": "https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Ainvalid-client-credentials/instances/3d0393b8-922d-4ed2-961c-39a9e19aedd6?client=unknown&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d"