Insufficient scope for Location in secured fhir

107 views

authorization

Skip to first unread message

Assigned to jenni...@gmail.com by aaron....@oracle.com

Peter Grazaitis

unread,

Feb 23, 2021, 11:35:03 AM2/23/21

to Cerner FHIR Developers

I can confirm other queries for resources are working and I see the oAuth is including user/Location.read

I confirmed the apps configuration in the sandbox also specifies user/Location.read.

X-Request-Id: 76fb9256-4de0-46b6-8d85-edc461a373db

GET https://fhir-ehr-code.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/Location?_id=21304876

Thanks,

-Pete G

Jenni Syed (Cerner)

unread,

Feb 23, 2021, 12:55:00 PM2/23/21

to Cerner FHIR Developers

Hi Pete,

It looks like the application is requesting some conflicting scopes:

patient/Location.read patient/Patient.read patient/Person.read profile user/Appointment.read user/Appointment.write user/Location.read user/Patient.read user/Person.read user/Practitioner.read

Can the application be changed to only use a single scope for each resource? IE: having both patient/Patient.read AND user/Patient.read for the same token are conflicting. In addition, Location isn't a patient-focused resource, so you will want to request only user/Location.read for that, just like was done for Practitioner above (the others should be chosen based on the app workflow).

Regards,

Jenni

Reply all

Reply to author

Forward

This conversation is locked

You cannot reply and perform actions on locked conversations.

0 new messages