Invalid tenant id on get access
350 views
Skip to first unread message
David Walto
Feb 27, 2018, 5:26:49 PM2/27/18
to Cerner FHIR Developers
If this is a question about an error or issue you are seeing, please fill out the following fields:
- Issue Summary: (include links to documentation, and describe what you've tried so far. Do NOT include request or response bodies unless this is from our public sandbox)
When I try to get the access token endpoint I get the error. I have double checked the tenant id and it seems to be correct
The i the response error:
{\"error\":\"invalid_request\",\"error_uri\":\"https://authorization.sandboxcerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Acode-invalid-redirect-uri/instances/ac848b21-e4a5-41b9-971b-8b82b33b9e0a?client=264edfcf-a408-4f87-ae2c-e3a74c2c3d82&tenant=0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca\"}","status":400,"ok":false,"statusText":"HTTP/1.1 400","headers":{"Pragma":["no-cache"],"Cache-Control":["no-store"],"Content-Type":["application/json;charset=UTF-8"]},"type":2,"url":"https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"}
This is the error url:
- X-Request-Id or CorrelationId: (from Response or Error Message)
"cdc" was attempting to request access to healthcare data with UNKNOWN_TENANT; unfortunately, the application doesnt appear to be compatible. If you require further assistance, please contact support.
Information to provide to Technical Support
- Correlation ID
- ac848b21-e4a5-41b9-971b-8b82b33b9e0a
Jenni Syed (Cerner)
Feb 28, 2018, 11:41:48 AM2/28/18
to Cerner FHIR Developers
Hi David,
It looks like the error is complaining about an invalid redirect uri for that call (the error uri has this code in it). I'm not sure why it says unknown tenant on the display of the error, it looks like the server behind the scenes does have the correct tenant.
Can you double-check that the redirect being sent in matched exactly with the way it was registered (same port, no additional path details)?
~ Jenni
David Walto
Feb 28, 2018, 2:23:59 PM2/28/18
to Cerner FHIR Developers
Hi Jenni,
I am trying to authenticate to FIHR thru a mobile application. I can run the authorize thru Postman because I pass the information thru the OAuth2 authenticate screen.
In the mobile app I think I have to do it in two steps:
Step 1.
var browserRef = window.open("https://authorization.sandboxcerner.com/"+"tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"+"?client_id=264edfcf-a408-4f87-ae2c-e3a74c2c3d82&response_type=code&scope=user%2FPatient.read"+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F&state=120d4e4b-91ef-1e55-de83-bbb2ed9a3b4f"+"&aud=https%3A%2F%2Ffhir-ehr.sandboxcerner.com%2Fdstu2%2F0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca"https://authorization.sandboxcerner.com/ , "_blank", "location=no,clearsessioncache=yes,clearcache=yes");
Open a browser to the authorize URL. This works, I enter the Cerner credentials and the code and state are returned.
Step 2.
I user the returned code and state to build the encoded parms.
let urlSearchParams = new URLSearchParams();
urlSearchParams.set('code', pcode);
urlSearchParams.set('client_id', '264edfcf-a408-4f87-ae2c-e3a74c2c3d82');
urlSearchParams.set('grant_type', 'authorization_code');
urlSearchParams.set('state', '120d4e4b-91ef-1e55-de83-bbb2ed9a3b4f');
let body = urlSearchParams.toString()
Then I call the token url
let url ="https://authorization.sandboxcerner.com/"+"tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F";https://authorization.sandboxcerner.com/
This is where I'm getting the error. I didn't have the redirect uri when I was getting the error before.
I am trying to authenticate to FIHR thru a mobile application. I can run the authorize thru Postman because I pass the information thru the OAuth2 authenticate screen.
In the mobile app I think I have to do it in two steps:
Step 1.
var browserRef = window.open("https://authorization.sandboxcerner.com/"+"tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"+"?client_id=264edfcf-a408-4f87-ae2c-e3a74c2c3d82&response_type=code&scope=user%2FPatient.read"+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F&state=120d4e4b-91ef-1e55-de83-bbb2ed9a3b4f"+"&aud=https%3A%2F%2Ffhir-ehr.sandboxcerner.com%2Fdstu2%2F0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca"https://authorization.sandboxcerner.com/ , "_blank", "location=no,clearsessioncache=yes,clearcache=yes");
Open a browser to the authorize URL. This works, I enter the Cerner credentials and the code and state are returned.
Step 2.
I user the returned code and state to build the encoded parms.
let urlSearchParams = new URLSearchParams();
urlSearchParams.set('code', pcode);
urlSearchParams.set('client_id', '264edfcf-a408-4f87-ae2c-e3a74c2c3d82');
urlSearchParams.set('grant_type', 'authorization_code');
urlSearchParams.set('state', '120d4e4b-91ef-1e55-de83-bbb2ed9a3b4f');
let body = urlSearchParams.toString()
Then I call the token url
let url ="https://authorization.sandboxcerner.com/"+"tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"+"&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2F";https://authorization.sandboxcerner.com/
This is where I'm getting the error. I didn't have the redirect uri when I was getting the error before.
I added it and now I get: localhost:8080 is not allowed by access-control-alloe-orgin
I don't know why its trying to go to port 8080 because I have everything pointed to 8100.
Thanks Dave
Thanks Dave
Reply all
Reply to author
Forward
0 new messages