"Unknown Application" was attempting to request access

[Adam Marciniec]

Hi all, so my company wants to setup two types of fhir access, I got through the system type where it would just be a background process on a server checking on things. The other is a provider user type where nurses in our system could search their Cerner patients and import some data to our system if they want.

I'm trying to wire this all up and test it against your secure sandbox for millennia

  I created a new system account in cerner central and a new app in the code-console

clientID is 98206d9e-c7e3-4ffa-9796-dbc30109fa73

I've it rigged up so that the call to authorize goes out to:

https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/personas/provider/authorize

and it pops the auth screen where I enter: portal for username and portal for password.  I couldn't find any info on UN PW for Users, some guidance on that would be appreciated.  Anyway, that portal user works well enough to hit my callback.  I have the clientID and account secret base64 encoded and in a Basic Authorization header just like I do for system, I include the code, grant type, client id like so:

request.AddParameter("grant_type", "authorization_code");
request.AddParameter("code", code);
 request.AddParameter("client_id", "98206d9e-c7e3-4ffa-9796-dbc30109fa73");
request.AddParameter("state", state);
request.AddParameter("Authorization", "Basic .......

And that's where I'm getting this odd failure

Here is the error link:

https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Ainvalid-client-credentials/instances/f3bafadd-b82b-4ac9-ac48-4a1ec363a30a?client=unknown&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d

Any help would be appreciated

[Fenil Desani (Cerner)]

Hello,

One System Account can be associated with only 1 App. Your App with ClientID: 98206d9e-c7e3-4ffa-9796-dbc30109fa73 is tied to a provider App and cannot be used for System Apps.

Regarding the error, are you sending the Basic Auth as a param as opposed to a header? It should be base64 encoded (double check on correctness of clientid:clientsecret) and sent in header.

Thanks,

Fenil

[Adam Marciniec]

Hi Fenil,

   I have 2 system accounts, each is only associated with 1 app.

                   

 

 

From: 'Fenil Desani (Cerner)' via Cerner FHIR Developers <cerner-fhir...@googlegroups.com>
Sent: Thursday, August 11, 2022 4:45 PM
To: Cerner FHIR Developers <cerner-fhir...@googlegroups.com>
Subject: Re: "Unknown Application" was attempting to request access

 

Hello,

 

One System Account can be associated with only 1 App. Your App with ClientID: 98206d9e-c7e3-4ffa-9796-dbc30109fa73 is tied to a provider App and cannot be used for System Apps.

 

Thanks,

Fenil

On Thursday, August 11, 2022 at 1:40:12 PM UTC-5 adam.ma...@nursenav.com wrote:

--
You received this message because you are subscribed to a topic in the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cerner-fhir-developers/KFx1RyhMJn4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cerner-fhir-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/4da6745c-9dbd-4213-8318-925ab8a4d25dn%40googlegroups.com.

[Adam Marciniec]

You were right about the Authorization, I moved it into the header and now I've got a new error to play with :)

Correlation ID: cb596632-be32-4f11-95bd-22a873dcd25c

The URI provided did not match the original request, or is not a valid URI.

Error Code:

urn:cerner:error:authorization-server:oauth2:token:code-invalid-redirect-uri

[Fenil Desani (Cerner)]

If you are providing a redirect_uri on Authorize call, the same URI needs to be provided on token call as well.