Authentication Error Curl Command

[Haitai Ng]

Hi Cerner, 

I was wondering if I could get some assitance on my curl command. I am receiving the following error: "error":"invalid_client","error_uri":"https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Ainvalid-client-credentials/instances/ ....... client=unknown...." . 

Curl Command: 

curl -X POST 'https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token' \

  -H 'Accept: application/json' \

  -H "Authorization: Basic $(echo -n $SYSTEM_ACCOUNT_CLIENT_ID:$SYSTEM_ACCOUNT_CLIENT_SECRET | base64)" \

  -H 'Content-Type: application/x-www-form-urlencoded' \

  -H 'cache-control: no-cache' \

  -d 'grant_type=client_credentials&scope=system%2FObservation.read%20system%2FPatient.read'

Just to clarify: 

• The SYSTEM_ACCOUNT_CLIENT_ID should be equal to the Account ID under Account Details in the https://sandboxcernercentral.com/system-accounts/
• The SYSTEM_ACCOUNT_CLIENT_SECRET should be equal to "Secret" listed in Secrets in https://sandboxcernercentral.com/system-accounts/

Thank you for your time,

Haitai

[Fenil Desani (Cerner)]

Hello,

You need a System Account in  https://cernercentral.com/system-accounts to access our public Sandbox.
Please refer to : http://fhir.cerner.com/authorization/#registering-a-system-account for more information.

Thanks,

Fenil (Cerner)

[Haitai Ng]

Hi Fenil, 

Thank you for the timely response. I have system accounts in  https://cernercentral.com/system-accounts and in https://sandboxcernercentral.com/system-accounts/ . As you have instructed, I have replaced the SYSTEM_ACCOUNT_CLIENT_ID and SYSTEM_ACCOUNT_CLIENT_SECRET with the values that are listed in my https://cernercentral.com/system-accounts . I re-executed the same curl command  am still seeing the same error. 

Thank you for your time,

Haitai 

[Fenil Desani (Cerner)]

Would you mind sharing your clientID?

[Haitai Ng]

Sure. For which domain https://cernercentral.com/system-accounts and in https://sandboxcernercentral.com/system-accounts/ ? Isn't clientID considered a security credential? I would feel more comfortable sharing this in a private channel 

[Haitai Ng]

Resolution: The problem was we had a System Account but our application was NOT a System Application. To create a System application in  https://code.cerner.com/developer/smart-on-fhir/apps you will need to insert your System Account ID into the GUID field. 

What if you already have a patient or provider application, can I just convert this to a System application? The answer is no. Once you register an app, the app is immediately registered and has a client ID. In this situation you will have to create a new system application. 

When you register the System App and provide the System Account ID (GUID) the GUID becomes your System App's clientID and a connection is established between your System App & System Account.