Patient facing standalone app access denied in redirect URL

Yashica Jain

unread,

Jun 23, 2020, 3:02:00 PM6/23/20

to Cerner FHIR Developers

Hello All,

I am starting the development of test web application - patient facing standalone launch app in Cerner sandbox Developer portal.

Following is the authorization request URL with status code 303:

https://authorization.sandboxcerner.com/tenants/45343c0c-3f93-4721-874a-258fc4bae3a4/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?response_type=code&client_id=291b19c8-d69e-40c2-85b0-57815be23fcf&scope=profile%20patient/*.read%20launch/patient%20online_access&state=sLV7YjacJEAiYD_PxzySXXXh4z03XIEhnRtWO3wa9IE%3D&redirect_uri=http://localhost:8080/oauth2/callback&code_challenge_method=S256&code_challenge=C3STFlJjwyhENnqCy0sixH0GSzFJ7Buj-TS1HaZfCqw&aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca

I am getting access denied in the redirect URL with status code 304:

http://localhost:8080/oauth2/callback?state=sLV7YjacJEAiYD_PxzySXXXh4z03XIEhnRtWO3wa9IE%3D&error=access_denied&error_uri=https%3A%2F%2Fauthorization.sandboxcerner.com%2Ferrors%2Furn%253Acerner%253Aerror%253Aauthorization-server%253Aoauth2%253Agrant%253Aunknown-tenant%2Finstances%2Fd1e451ff-786a-4231-8f5a-cbe4d4e4c9df%3Fpersona%3Dpatient%26client%3D291b19c8-d69e-40c2-85b0-57815be23fcf%26tenant%3D45343c0c-3f93-4721-874a-258fc4bae3a4

Following are the configurations in the application for patient login through OAuth2:

Client id=291b19c8-d69e-40c2-85b0-57815be23fcf

Scope=profile, patient/*.read, launch/patient, online_access

Redirect-uri=http://localhost:8080/oauth2/callback

Authorization-grant-type=authorization_code

Authorization-uri=https://authorization.sandboxcerner.com/tenants/45343c0c-3f93-4721-874a-258fc4bae3a4/protocols/oauth2/profiles/smart-v1/personas/patient/authorize

Token-uri=https://authorization.sandboxcerner.com/tenants/45343c0c-3f93-4721-874a-258fc4bae3a4/protocols/oauth2/profiles/smart-v1/token

Aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca

Kindly let me know how to solve this problem.

Thanks in advance for any help.

yashic...@icorprated.com

unread,

Jun 24, 2020, 3:50:15 AM6/24/20

to Cerner FHIR Developers

Correlation ID: 6128d2e7-3749-4d50-8efb-5a674d3f8c43

yashic...@icorprated.com

unread,

Jun 30, 2020, 12:34:47 AM6/30/20

to Cerner FHIR Developers

Can someone please take a look into this issue?

Benjamin Eichhorn (Cerner)

unread,

Jun 30, 2020, 9:15:06 AM6/30/20

to Cerner FHIR Developers

Hi,

Apologies for the delay. Are you hard-coding this URLs? The Authorization URI and Token URI both are not URIs that belong to the current sanbox environment. You should be discovering this URIs through the metadata endpoint:

https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/metadata?_format=json