authorization questions 403 and invalid_client

56 views

authorization

Skip to first unread message

Assigned to desani...@gmail.com by eric.s...@cerner.com

Stan Bell

unread,

May 18, 2021, 1:02:44 PM5/18/21

to Cerner FHIR Developers

i'm trying to authenticate a SMART app with user scopes. i'm familiar with system account access most recently, without SMART, so i'm missing something fundamental here.

the app is registered and i have a client id, but i have no "secret"

i'm using the registered client id in a FHIR.oauth2.authorize call (on fhir-open.sandboxcerner.com) but getting 403 forbidden response, and
i'm trying from postman with the same 403 response
i'm trying from a non-SMART test harness and getting an invalid_client, presumably because i'm supplying a accountId (the client id) but no secret

(using the test tenant r4 route, r4/ec2458f2-1e24-41c8-b71b-0e701af7583d)

questions:

user or provider scope does not require a secret in the credentials? since .authorize doesn't have a parameter for it

how long is the registration delay before the client is recognized?

what else might be failing here?

Fenil Desani (Cerner)

unread,

May 24, 2021, 2:29:26 PM5/24/21

to Cerner FHIR Developers

Hello Stan,

The is a difference between System App and Provider/Patient App Auth workflow.

System App - http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system

Provider App/Patient App - http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-user

Provider Apps do not require a secret.

After the App is registered it takes approx. 10-15 minutes for the changes to reflect.

Do you get back a correlationId for the failure?

Thanks,

Fenil (Cerner)

Stan Bell

unread,

May 24, 2021, 2:46:18 PM5/24/21

to cerner-fhir...@googlegroups.com

thanks Fenil. I"ll have a chance to test again tomorrow. missed that topic i guess, not sure why.

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/f06fa8c1-8727-4625-84da-41a6e1568192n%40googlegroups.com.

Stan Bell

Project Manager | Juxly LLC

(888) 399-0359 cell 417 840 2286

Reply all

Reply to author

Forward

0 new messages