VERIFY ACCESS_TOKEN

57 views
Skip to first unread message
Assigned to Fenil....@cerner.com by me

Abu Huraira

unread,
Aug 25, 2021, 9:13:23 AM8/25/21
to Cerner FHIR Developers
Hi!
I am getting access_token in javascript application from cerner and I want to send this token to another application (there I want to verify this token is valid or not). How can I verify this token. (or simply what is the endpoint where I send this token and verify).
Regards
Huraira

Fenil Desani (Cerner)

unread,
Aug 25, 2021, 10:30:41 AM8/25/21
to Cerner FHIR Developers
Hello,

Generally applications do NOT validate access tokens (per OAuth standard, the access token is an opaque string to applications and should not be “opened”)

If you're referring to the id_token validation, please see this documentation: http://fhir.cerner.com/authorization/openid-connect/
The jwks url is advertised within the JWT id_token as required by the specification.

You can also use introspect URL to to determine the active state of an OAuth 2.0 token and to meta-information about the token http://fhir.cerner.com/authorization/authorization-specification/#discovery 

Thanks,
Fenil

Abu Huraira

unread,
Aug 25, 2021, 11:10:39 AM8/25/21
to Cerner FHIR Developers
Thanks  Fenil Desani for response.
I have an ambiguity related to access_token.
when I post access_token to introspect Url response is 
{
active: false
}
but at the same time I make the Get request to practitioner then response is 200 OK.
what is that means?
Is access_token is valid or not.
by seeing the response of introspect url it seems to be not valid token, but practitioner get request it seems to be valid.

kindly correct me where I am wrong.
Regards
Huraira

Fenil Desani (Cerner)

unread,
Aug 25, 2021, 3:46:49 PM8/25/21
to Cerner FHIR Developers
Are you using the https://fhir-open.. endpoint?

Abu Huraira

unread,
Aug 25, 2021, 4:53:25 PM8/25/21
to cerner-fhir...@googlegroups.com
Before I was using open but now it is working fine. Thanks

--
You received this message because you are subscribed to a topic in the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cerner-fhir-developers/RNQ9y6ov5ms/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cerner-fhir-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/9645b3bc-3376-431e-9e39-938094dbb513n%40googlegroups.com.
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages