Authorization Token and Expiry Time

[Shilpa sunil kumar]

Hi ,

I have few doubts on the refresh token and extending expiry time for the access token.

I am trying for a System scope and I follow: https://fhir.cerner.com/millennium/r4/

1. I am not able to get refresh_token as part of the token response. Is it possible to get a refresh_token for System scope.

2. Is it possible to obtain a single access token that covers for all system scopes (eg: Patient.read, Patient.write, Encounter.read and so on..)

3. Is it possible to increase the expires_in time for access_token in any way, so it lasts for longer periods of time. I did read about obtaining refresh_token using offline_access but unable get the same as well for System scope.

Need help on the above topics.

Thanks in advance,

Shilpa

[Benjamin Eichhorn (Cerner)]

Hi Shilpa,

Yes it is possible to get a refresh token for System access. We have this documented here. Yes it is possible to obtain a single access token that contains all system scopes, you will have to request it, but, be aware, while you can do this within our sandbox environment, as your app goes through the code Program and our validation, we will limit the app to only the scopes that the app is using. No it is not possible to increase the expires_in time for access tokens, you will need to refresh the token. 

Thanks,

Ben (Cerner)

[Shilpa sunil kumar]

Hi Ben,

Thank you for your quick response.

 I did read about obtaining refresh_token using offline_access and online_access. I tried the same but I am not able to get refresh_token as part of the token response for System 

scope. 

CernerCorrelationId:a7d45deb-4ee1-4337-a180-2e961b1f41f9

I tried for scope:system/*.* but ended up obtaining a "unauthorizedclient" response. I think i am getting the scope wrong. What scope should i be providing to get a token for all system scopes.

CernerCorrelationID:4986c9c2-424c-4b64-ad36-d623c1b4507c

Need help to obtain refresh_token for all System scopes.

Thanks in advance.

[Benjamin Eichhorn (Cerner)]

My apologies,

I was incorrect. You cannot refresh system tokens as the point behind refreshing is to prevent a user from being prompted again for access. Since there is no user behind a system access call there is no need to refresh. You will simply need to request a new token after the last expires.  

Thanks,

Ben (Cerner)

[Shilpa sunil kumar]

Thank you Ben for the quick reply.

One more question, can i get a single token for all system scope's, if  that's possible, please help me with what scope i should provide in that case.

Regards,

Shilpa

[Benjamin Eichhorn (Cerner)]

Hi Shilpa,

You will need to request each individual scope to request all scopes. We do not support wildcard scopes.

Thanks,

Ben (Cerner)

[Michele Mottini]

...but nothing stops you to ask for multiple scopes at the same time - so you can have as many as you want / need

  - Michele

  CareEvolution Inc

[Shilpa sunil kumar]

Thanks Michele. Will try that.

- Shilpa

[Shilpa sunil kumar]

Sure Ben. Thank you.

-Shilpa