Invalid access token

69 views
Skip to first unread message
Assigned to Fenil....@cerner.com by me

Sri Harsha Challa

unread,
Sep 24, 2021, 6:33:38 AMSep 24
to Cerner FHIR Developers
Hi Team, 
I am sending the following request through Postman, but I am getting the response as "invalid token" even though I am passing the right Bearer token.

Request:
--------------------------------------------------------------------------------------------------------------
Response Body:
{
    "resourceType": "OperationOutcome",
    "issue": [
        {
            "severity": "error",
            "code": "login",
            "diagnostics": "Bearer realm=\"fhir-ehr-code.cerner.com\", error=\"invalid_token\"",
            "expression": [
                "http.Authorization"
            ]
        }
    ]
}
--------------------------------------------------------------------------------------------------------------
X-Request-Id : f87f2508-a9dd-4a63-840b-697458602279

Am I doing something wrong or is there an issue from the Cerner side?... Please help.

Regards,
Sri Harsha


Fenil Desani (Cerner)

unread,
Sep 27, 2021, 11:42:21 AMSep 27
to Cerner FHIR Developers
Hello,

Can you make sure you are sending in the access_token and not anything else?
Also, was this a one-off error or is happening consistently?

Thanks,
Fenil

Sri Harsha Challa

unread,
Sep 27, 2021, 12:07:37 PMSep 27
to cerner-fhir...@googlegroups.com
Hi Fenil,

I am using the Bearer token received from the cernal central system accounts in the authorization header. 

Also, this is a consistent error message.

Regards,
Sri Harsha



--
You received this message because you are subscribed to a topic in the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cerner-fhir-developers/HRU3mxM2Iuo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cerner-fhir-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/21900851-bcb5-40dc-b7bd-d658728c0fc8n%40googlegroups.com.

Disclaimer :  This e-mail transmission may contain confidential or legally privileged information that is intended only for the individual and the views expressed in the same are not necessarily the views of SpinSci Technology LLC. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this e-mail is strictly prohibited. If you have received this e-mail transmission in error, please reply to the sender, so that we can arrange for proper delivery, and then please delete the message from your inbox.

Fenil Desani (Cerner)

unread,
Sep 27, 2021, 12:12:46 PMSep 27
to Cerner FHIR Developers
For FHIR, you only need to use System Account ID and System Account Secret from the Cerner Central System Accounts to get an access_token which will then be used as Bearer token.

You can find more details here - http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system
A client performs this request utilizing the “client credentials” flow of OAuth2 to request an access token, using the Basic authentication scheme for passing credentials. The credentials to use to perform this request will be based on the system account.


Thanks,
Fenil

Sri Harsha Challa

unread,
Sep 27, 2021, 12:29:44 PMSep 27
to Cerner FHIR Developers
Hi Fenil, can you please tell me the use of the bearer token that is displayed in this screenshot? 

Token.jpg
Regards,
Sri Harsha

Fenil Desani (Cerner)

unread,
Sep 27, 2021, 12:34:17 PMSep 27
to Cerner FHIR Developers
That is for purpose outside of FHIR context. As I mentioned, please follow the client-credentials workflow for your System Application's Authorization.
Reply all
Reply to author
Forward
0 new messages