Invalid client error creating auth token for system account


Tim Dean

May 20, 2022, 12:38:14 PM
to Cerner FHIR Developers
I am trying to create a token using a Cerner system account. I am getting an `invalid_client` error. Full info on the error:

Correlation ID: 3a18a210-c4a4-46ef-9f4d-b55d89c98d56

Token URL: https://authorization.sandboxcerner.com/tenants/<tenant-id>/protocols/oauth2/profiles/smart-v1/token

I am using the account ID and secret from my system account as the username:password with basic authentication.

Any recommendations on what I might be doing wrong here?

Fenil Desani (Cerner)

May 23, 2022, 11:04:15 AM
to Cerner FHIR Developers
Hello,

The error indicates you are sending in an incorrect clientID. Please make sure you are providing the correct client_credentials.
What is your clientID?

Thanks,
Fenil

Tim Dean

May 23, 2022, 11:22:11 AM
to Cerner FHIR Developers
Hello Fenil,

I have checked and double-checked the credentials I am trying to use. I am following the documentation at Authorization (cerner.com), where it says I should be using basic auth with the credentials specified as a base64 encoding of {client_id}:{client_secret}. According to that documentation, I should be using the system account's ID as the client ID.

Using my system account from where it shows under https://cernercentral.com/system-accounts/, I have the secret and the account ID of 1e3ca78d-5a48-44bb-99a3-355df46e881d. So I base64-encode the string "1e3ca78d-5a48-44bb-99a3-355df46e881d:{secret}" using my actual secret.

Since that hasn't worked I've also tried to use the client ID value from a FHIR system app I've created and linked to this system account. This app was created on the developer console at https://code-console.cerner.com/.
The client ID listed for that application is 1e3ca78d-5a48-44bb-99a3-355df46e881d. When I try to use that client ID I get the same error.

Thanks for any help you can provide.

-Tim
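
An added example (not part of the original thread, and not Cerner's code): a local check of the Basic credential described in the post above, to rule out encoding mistakes before looking at account or tenant configuration. The `grant_type=client_credentials` body follows RFC 6749; the scope value and the secret are constructed placeholders, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlencode

# Account ID quoted in the thread; the secret and scope below are constructed placeholders.
CLIENT_ID = "1e3ca78d-5a48-44bb-99a3-355df46e881d"

def build_token_request(client_id, client_secret, scope):
    """Return (headers, body) for an OAuth2 client_credentials token request."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(raw).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return headers, body

def audit_basic_header(header_value, expected_client_id):
    """Decode a Basic header and list formatting problems that can cause invalid_client."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return ["header is not of the form 'Basic <base64>'"]
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ["credential part is not valid base64-encoded UTF-8"]
    problems = []
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        problems.append("no ':' separator between client id and secret")
    if client_id != expected_client_id:
        problems.append("client id differs from the registered account id")
    if not secret:
        problems.append("secret is empty")
    elif secret != secret.strip():
        # Typical when the string was encoded with `echo` instead of `echo -n`.
        problems.append("secret has leading or trailing whitespace")
    return problems
```

An empty result only means the header is well formed; it says nothing about whether the account is registered in the environment that the token URL belongs to.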

Fenil Desani (Cerner)

May 24, 2022, 10:59:13 AM
to Cerner FHIR Developers
You have a System Account (1e3ca78d-5a48-44bb-99a3-355df46e881d) in CernerCentral and a relevant App registered in codeConsole. This would only work against our public Sandbox and Prod domains.
For your App to work in a Health System's non-prod domain, you need to create a System Account in SandboxCernerCentral [1] and then the Health System needs to reach out to Cerner to enable the connections with the client's non-prod domain.

[1] 
  • Login to the Cerner Central System Accounts application: https://sandboxcernercentral.com/system-accounts
  • Fill out the fields as follows:
    • Description: <App Name> - SMART/FHIR application - <short description/purpose of the App>
    • Production System: No
    • Cerner Client: No, unless you are a Cerner Client developing their own application. If you are a client:
      • Client Name: Your organization. For example: My Health System
      • Client Number: Only fill out if you know this, it is not required.
      • Client Mnemonic: Only fill out if you know this, it is not required.
    • Millennium System: No

Tim Dean

May 24, 2022, 2:16:55 PM
to Cerner FHIR Developers
Thank you for the information, Fenil. I have submitted a new request for a system account in SandboxCernerCentral and am now waiting for that request to be approved.

In the meantime I have tried to use my existing system account and my app registered in codeConsole against our Prod domain. The error I get now says:
```
<Healthcare System Name> has not enabled "<App Name>" for accessing healthcare data yet. If you require further assistance, please contact support
```
Your previous response says I need to "reach out to Cerner to enable the connections with the client's non-prod domain" but I can find no information about who to contact and how to request this on behalf of our Health System. In our weekly CernerWorks meetings we don't seem to have Cerner people who know much about Cerner Ignite setup and configuration and I'm struggling to understand how to get the access I need to our non-production and (eventually) our production environments. Is any of this documented anywhere?

Thanks
-Tim

Tim Dean

May 26, 2022, 12:19:08 PM
to Cerner FHIR Developers
Still looking for guidance on what is necessary to enable a FHIR app for accessing a client domain. Is there a specific form we need to fill out? Is there a particular role we need to work with as part of our Cerner professional services contract? Please help me understand if and how I might go about using FHIR applications to access our client domain data via FHIR interfaces.

Fenil Desani (Cerner)

May 27, 2022, 10:10:15 AM
to Cerner FHIR Developers
You would need to log an SR to Cerner Ignite APIs for Millennium!