Authorization Token and Expiry Time

97 views
Skip to first unread message

Shilpa sunil kumar

unread,
Jun 3, 2020, 2:56:01 AM6/3/20
to cerner-fhir...@googlegroups.com
Hi ,

I have few doubts on the refresh token and extending expiry time for the access token.

I am trying for a System scope and I follow: https://fhir.cerner.com/millennium/r4/

1. I am not able to get refresh_token as part of the token response. Is it possible to get a refresh_token for System scope.

2. Is it possible to obtain a single access token that covers for all system scopes (eg: Patient.read, Patient.write, Encounter.read and so on..)

3. Is it possible to increase the expires_in time for access_token in any way, so it lasts for longer periods of time. I did read about obtaining refresh_token using offline_access but unable get the same as well for System scope.

Need help on the above topics.

Thanks in advance,
Shilpa



Benjamin Eichhorn (Cerner)

unread,
Jun 3, 2020, 9:36:51 AM6/3/20
to cerner-fhir...@googlegroups.com
Hi Shilpa,

Yes it is possible to get a refresh token for System access. We have this documented here. Yes it is possible to obtain a single access token that contains all system scopes, you will have to request it, but, be aware, while you can do this within our sandbox environment, as your app goes through the code Program and our validation, we will limit the app to only the scopes that the app is using. No it is not possible to increase the expires_in time for access tokens, you will need to refresh the token. 

Thanks,
Ben (Cerner)

Shilpa sunil kumar

unread,
Jun 3, 2020, 10:11:14 AM6/3/20
to cerner-fhir...@googlegroups.com
Hi Ben,

Thank you for your quick response.

 I did read about obtaining refresh_token using offline_access and online_access. I tried the same but I am not able to get refresh_token as part of the token response for System 
scope. 
CernerCorrelationId:a7d45deb-4ee1-4337-a180-2e961b1f41f9

I tried for scope:system/*.* but ended up obtaining a "unauthorizedclient" response. I think i am getting the scope wrong. What scope should i be providing to get a token for all system scopes.
CernerCorrelationID:4986c9c2-424c-4b64-ad36-d623c1b4507c

Need help to obtain refresh_token for all System scopes.

Thanks in advance.

Benjamin Eichhorn (Cerner)

unread,
Jun 3, 2020, 10:36:40 AM6/3/20
to Cerner FHIR Developers
My apologies,

I was incorrect. You cannot refresh system tokens as the point behind refreshing is to prevent a user from being prompted again for access. Since there is no user behind a system access call there is no need to refresh. You will simply need to request a new token after the last expires.  

Thanks,
Ben (Cerner)

Shilpa sunil kumar

unread,
Jun 3, 2020, 10:38:25 AM6/3/20
to cerner-fhir...@googlegroups.com
Thank you Ben for the quick reply.

One more question, can i get a single token for all system scope's, if  that's possible, please help me with what scope i should provide in that case.

Regards,
Shilpa

Benjamin Eichhorn (Cerner)

unread,
Jun 4, 2020, 9:49:36 AM6/4/20
to Cerner FHIR Developers
Hi Shilpa,

You will need to request each individual scope to request all scopes. We do not support wildcard scopes.

Thanks,
Ben (Cerner)

Michele Mottini

unread,
Jun 4, 2020, 9:54:18 AM6/4/20
to Cerner FHIR Developers
...but nothing stops you to ask for multiple scopes at the same time - so you can have as many as you want / need

  - Michele
  CareEvolution Inc

Shilpa sunil kumar

unread,
Jun 4, 2020, 10:46:22 AM6/4/20
to Cerner FHIR Developers

Thanks Michele. Will try that.

- Shilpa

Shilpa sunil kumar

unread,
Jun 4, 2020, 10:49:37 AM6/4/20
to Cerner FHIR Developers

Sure Ben. Thank you.

-Shilpa
Reply all
Reply to author
Forward
0 new messages