error="insufficient_scope" while requesting patient details

Shehraz Khan

Jun 23, 2020, 12:10:13 PM
to Cerner FHIR Developers
Hi, I am trying to get patient details from the FHIR API, but it is saying insufficient_scope.

I created an app on https://code.cerner.com/ for the provider. It launches successfully and authenticates, but after that, when it tries to call medication or diagnosis, I get an error for scope. Is there anything that I am still missing?

The script that executes while launching the app is the following.

<script>
FHIR.oauth2.authorize({
    clientId: "CLIENTID",
    iss: "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca",
    serviceUri: "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca",
    aud: "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca",
    scope: "openid fhirUser launch patient/*.read",
    redirectUri: "https://MYURL/index.html"
});
</script>



The script for retrieving data is as follows:
<script type="text/javascript">
FHIR.oauth2.ready().then(function(client) {

    // Render the current patient (or any error)
    client.patient.read().then(
        function(pt) {
            document.getElementById("patient").innerText = JSON.stringify(pt, null, 4);
        },
        function(error) {
            document.getElementById("patient").innerText = error.stack;
        }
    );

    // Get MedicationRequests for the selected patient
    client.request("/MedicationRequest?patient=" + client.patient.id, {
        resolveReferences: [ "medicationReference" ],
        graph: true
    })

    // Reject if no MedicationRequests are found
    .then(function(data) {
        if (!data.entry || !data.entry.length) {
            throw new Error("No medications found for the selected patient");
        }
        return data.entry;
    })

    // Render the current patient's medications (or any error)
    .then(
        function(meds) {
            document.getElementById("meds").innerText = JSON.stringify(meds, null, 4);
        },
        function(error) {
            document.getElementById("meds").innerText = error.stack;
        }
    );

}).catch(console.error);
</script>

Thanks,
Shehraz Khan

Michele Mottini

Jun 23, 2020, 12:12:13 PM
to Cerner FHIR Developers
You need the user access scopes I believe (user/Condition.read instead of patient/Condition.read etc)

  - Michele
  CareEvolution Inc

Shehraz Khan

Jun 23, 2020, 12:28:28 PM
to Cerner FHIR Developers
Hi Michele, I tried this:
scope: "openid fhirUser launch user/*.read",

but still the same error.
HttpError: 403 Forbidden
URL: https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Patient/4342012

{
"resourceType": "OperationOutcome",
"issue": [
{
"severity": "error",
"code": "forbidden",
"diagnostics": "Bearer realm=\"fhir-ehr.sandboxcerner.com\", error=\"insufficient_scope\"",
"location": [
"http.Authorization"
]
}
]
}
at _callee2$ (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:12342:19)
at tryCatch (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:398:40)
at Generator.invoke [as _invoke] (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:624:22)
at Generator.prototype.<computed> [as next] (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:450:21)
at asyncGeneratorStep (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:99:24)
at _next (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:121:9)

Max Philips (Cerner)

Jun 23, 2020, 12:32:55 PM
to Cerner FHIR Developers
Hello Shehraz Khan,

As noted here: http://fhir.cerner.com/authorization/#construct-the-authorization-request-url, Cerner's authorization server does not support wildcard scopes.

Thanks,
Max (Cerner)
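
The point made in the last reply, as an added example that is not code from the thread, from Cerner, or from fhirclient: it rewrites a wildcard scope request as one explicit scope per resource type, then checks a granted scope string for resource types that would still be refused. The helper names, the list of needed resource types, and the sample grant are assumptions constructed for illustration.

```javascript
// Added example: the helper names below are hypothetical and are not part of
// fhirclient or of Cerner's API.

// Matches SMART resource scopes such as patient/Condition.read or user/*.read.
const RESOURCE_SCOPE = /^(patient|user)\/([A-Za-z]+|\*)\.(read|write)$/;

// Split a space-delimited OAuth 2.0 scope string into individual scopes.
function parseScopes(scopeString) {
  return scopeString.split(/\s+/).filter(Boolean);
}

// Rewrite every wildcard resource scope (patient/*.read, user/*.read, ...) as
// one explicit scope per resource type the app actually calls. Non-resource
// scopes (openid, fhirUser, launch) pass through unchanged; duplicates collapse.
function expandWildcards(scopeString, resourceTypes) {
  const out = new Set();
  for (const scope of parseScopes(scopeString)) {
    const m = RESOURCE_SCOPE.exec(scope);
    if (m && m[2] === "*") {
      for (const type of resourceTypes) out.add(`${m[1]}/${type}.${m[3]}`);
    } else {
      out.add(scope);
    }
  }
  return [...out].join(" ");
}

// Given the scope string the server actually granted, list the resource types
// that have no explicit read scope in either patient/ or user/ context. A read
// of any of these is expected to be refused with insufficient_scope.
function unreadableResources(grantedScopeString, resourceTypes) {
  const granted = new Set(parseScopes(grantedScopeString));
  return resourceTypes.filter(
    (type) => !granted.has(`patient/${type}.read`) && !granted.has(`user/${type}.read`)
  );
}

// Resource types taken from the calls and scopes mentioned in the thread.
const NEEDED = ["Patient", "MedicationRequest", "Condition"];
const REQUESTED = "openid fhirUser launch patient/*.read";
// Constructed sample of a grant that carries no resource scopes.
const SAMPLE_GRANT = "openid fhirUser launch";

console.log(expandWildcards(REQUESTED, NEEDED));
console.log(unreadableResources(SAMPLE_GRANT, NEEDED));
```

Running the second check against the `scope` value returned in the token response shows, before any FHIR call is made, which reads the access token cannot cover.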