403 App Launch Error


Sophia Ye

Apr 7, 2021, 12:30:10 PM
to Cerner FHIR Developers
Hi, 

I am trying to launch my app within the Cerner sandbox. Before March 12, 2021, it had been launching and working successfully (I was able to authenticate successfully and the app's UI and APIs were loading correctly). However, now every time I try to launch my app, I encounter a blank page that says "403 Forbidden" and the console says: "`Failed to load resource: the server responded with a status of 403 ()`".

I have not made any changes to the launch process since the last successful launch of our app and I have verified that my client ID is correct, so I'm wondering if there have been any changes on the Cerner side that may be resulting in this issue. 

The app launches successfully when I change my SMART Launch URI to a http://localhost URL, but this 403 error appears when the SMART Launch URI is our live app URL, which is an https URL - just mentioning this in case this is relevant.

Thank you.

Aaron McGinn (Cerner)

Apr 7, 2021, 12:52:58 PM
to Cerner FHIR Developers
Per our group guidelines, can you provide the X-Request-Id or Cerner-Correlation-Id from the headers of the failed response?

-Aaron (Cerner)

Sophia Ye

Apr 7, 2021, 2:11:14 PM
to cerner-fhir...@googlegroups.com
I don't see an X-Request-Id or Cerner-Correlation-Id in the headers of the response in Developer Tools. The request URL is <SMART App Launch URI>?iss=https%3A%2F%2Ffhir-ehr-code.cerner.com%2Fr4%2Fec2458f2-1e24-41c8-b71b-0e701af7583d&launch=<launch token>. Does this kind of request have an X-Request-Id?


Aaron McGinn (Cerner)

Apr 7, 2021, 2:41:27 PM
to Cerner FHIR Developers
It should, but what is your client or app ID and I will see if I can find the logs from that.

-Aaron (Cerner)

Sophia Ye

Apr 7, 2021, 2:53:55 PM
to cerner-fhir...@googlegroups.com

Client Id: c99b2a80-2025-4126-8fcb-eb3efde048c5

App Id: 7e1b6e34-31dd-42f0-afaa-da25fecd1a97


Thanks!


Sophia Ye

Apr 8, 2021, 10:19:17 AM
to cerner-fhir...@googlegroups.com
Hi,

I just wanted to check in and see if anything was found in the logs regarding this error.

Thank you!

Aaron McGinn (Cerner)

Apr 8, 2021, 1:39:02 PM
to Cerner FHIR Developers
I do see that you are passing patient/*.read in your scopes, which we do not currently support [1]. This means you are providing no valid resource scopes in your requests.


-Aaron (Cerner)

Sophia Ye

Apr 12, 2021, 12:02:58 PM
to cerner-fhir...@googlegroups.com
I got rid of "patient/*read" last week on April 6 and added these scopes: "user/Patient.read", "user/Encounter.read", "patient/Encounter.read", and "patient/Patient.read", but I have still been getting 403 errors. Are these scopes still incorrect or is there another reason for the 403 error?

Aaron McGinn (Cerner)

Apr 12, 2021, 3:44:08 PM
to Cerner FHIR Developers
Can you provide the X-Request-Id of the failure?

-Aaron (Cerner)

Sophia Ye

Apr 12, 2021, 5:51:05 PM
to cerner-fhir...@googlegroups.com
I still am unable to find the X-Request-Id in the developer console - I do not see it listed under “Request Headers.” Is it possible to look through the logs again to see the latest requests that were made?

Thanks!

Sophia Ye

Apr 13, 2021, 2:00:42 PM
to cerner-fhir...@googlegroups.com
Hi,

Just wanted to follow up again on this as it is quite perplexing. I haven’t found an X-Request-Id in my request headers, but if you look through the logs at the most recent requests that I have sent, you should be able to see that I had gotten rid of the wildcard scope but am still experiencing this 403 error. 


Client Id: c99b2a80-2025-4126-8fcb-eb3efde048c5
App Id: 7e1b6e34-31dd-42f0-afaa-da25fecd1a97

Any suggestions you can provide would be greatly appreciated. Thank you for your help!

Aaron McGinn (Cerner)

Apr 14, 2021, 2:04:24 PM
to Cerner FHIR Developers
What is in the Response tab for headers? I am having trouble finding any transactions for your client id.

I do see in your app configuration, the only scopes you have are patient/Encounter.read and patient/Patient.read, so if you are providing user/Encounter or user/Patient, they will not be valid. Also, if you are providing patient/Encounter or patient/Patient, you will need to supply a patient ID in the request.

-Aaron (Cerner)

Sophia Ye

Apr 29, 2021, 3:59:47 PM
to Cerner FHIR Developers
Thank you for your help! We ended up figuring it out, we had incorrectly configured our AWS Web Application Firewall so we were getting that 403 error.
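
Added example (not part of the thread and not Cerner's code): a triage check for the situation resolved above, where the 403 came from the app's own WAF rather than from Cerner. It treats the two trace headers named in the thread as the marker of a Cerner response; the app hostname, launch token and header values in the sample are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Trace headers the thread says a Cerner response should carry.
TRACE_HEADERS = ("x-request-id", "cerner-correlation-id")

# Constructed sample: an EHR launch request to a hypothetical app host.
# The iss value is the sandbox endpoint quoted in the thread.
LAUNCH_URL = ("https://app.example.org/launch"
              "?iss=https%3A%2F%2Ffhir-ehr-code.cerner.com%2Fr4%2F"
              "ec2458f2-1e24-41c8-b71b-0e701af7583d&launch=constructed-token")
BLOCKED_HEADERS = {"Content-Type": "text/html", "Server": "constructed-edge"}


def triage_403(request_url, status, response_headers):
    """Decide which side emitted a 403 seen during a SMART EHR launch.

    Returns (origin, detail); origin is "not-403", "fhir-side" or "app-side".
    """
    if status != 403:
        return ("not-403", f"status {status}")

    headers = {k.lower(): v for k, v in response_headers.items()}
    for name in TRACE_HEADERS:
        if name in headers:
            # A trace id means the platform handled the request: quote it
            # when asking the platform team to search their logs.
            return ("fhir-side", f"{name}: {headers[name]}")

    url = urlsplit(request_url)
    iss = parse_qs(url.query).get("iss", [""])[0]
    iss_host = urlsplit(iss).hostname
    if iss_host and url.hostname == iss_host:
        return ("fhir-side", f"{iss_host} answered without a trace id")

    # The launch request targets the app's own launch URI, so a 403 with
    # no trace id was produced by the app or by something in front of it
    # (WAF, CDN, reverse proxy). The platform's logs will show nothing.
    return ("app-side", f"{url.hostname} answered; check its WAF/proxy logs")


if __name__ == "__main__":
    print(triage_403(LAUNCH_URL, 403, BLOCKED_HEADERS))
```
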