error="insufficient_scope" while requesting patient details

[Shehraz Khan]

Hi I am trying to get patient details from fhir API but it is saying insufficient_scope.

I created an app on https://code.cerner.com/ for the provider, it launches successfully and authenticated but after it tries to call medication or diagnosis. I got error for scope. Is there is anything that I still missing?

The script executes while launching app is following.

 

<script>
     
      FHIR.oauth2.authorize({
     
        clientId: "CLIENTID",
       
        iss: "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca",
        serviceUri: "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca",
        aud:"https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca",
       
        scope: "openid fhirUser launch patient/*.read",


        redirectUri: "https://MYURL/index.html"
      });
</script>

The Script for retrieving data is as following

<script type="text/javascript">
            FHIR.oauth2.ready().then(function(client) {
               
                // Render the current patient (or any error)
                client.patient.read().then(
                    function(pt) {
                        document.getElementById("patient").innerText = JSON.stringify(pt, null, 4);
                    },
                    function(error) {
                        document.getElementById("patient").innerText = error.stack;
                    }
                );
               
                // Get MedicationRequests for the selected patient
                client.request("/MedicationRequest?patient=" + client.patient.id, {
                    resolveReferences: [ "medicationReference" ],
                    graph: true
                })
               
                // Reject if no MedicationRequests are found
                .then(function(data) {
                    if (!data.entry || !data.entry.length) {
                        throw new Error("No medications found for the selected patient");
                    }
                    return data.entry;
                })
               


                // Render the current patient's medications (or any error)
                .then(
                    function(meds) {
                        document.getElementById("meds").innerText = JSON.stringify(meds, null, 4);
                    },
                    function(error) {
                        document.getElementById("meds").innerText = error.stack;
                    }
                );


            }).catch(console.error);
 </script>

Thanks,
Shehraz Khan

[Michele Mottini]

You need the user access scopes I believe (user/Condition.read instead of patient/Condition.read etc)

  - Michele

  CareEvolution Inc

[Shehraz Khan]

Hi Michele, I tried this 

scope: "openid fhirUser launch user/*.read",

but still same error.

HttpError: 403 Forbidden
URL: https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/Patient/4342012

{
"resourceType": "OperationOutcome",
"issue": [
{
"severity": "error",
"code": "forbidden",
"diagnostics": "Bearer realm=\"fhir-ehr.sandboxcerner.com\", error=\"insufficient_scope\"",
"location": [
"http.Authorization"
]
}
]
}
at _callee2$ (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:12342:19)
at tryCatch (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:398:40)
at Generator.invoke [as _invoke] (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:624:22)
at Generator.prototype.<computed> [as next] (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:450:21)
at asyncGeneratorStep (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:99:24)
at _next (https://cdn.jsdelivr.net/npm/fhirclient/build/fhir-client.js:121:9)

[Max Philips (Cerner)]

Hello Shehraz Khan,

As noted here: http://fhir.cerner.com/authorization/#construct-the-authorization-request-url, Cerner's authorization server does not support wildcard scopes.

Thanks,

Max (Cerner)