Can't get certain test patient on `fhir-ehr-code.cerner.com`


Andrew

Jun 24, 2021, 12:54:18 PM
to Cerner FHIR Developers
Hi.
We're currently working on some functionality that requires certain data to be available on the patient. That patient has been created for us and we can reach it by the auth-free URL here:


but for some reason, it is not available here


The questions are:
1. Do those domains represent different databases under the hood or should we expect a patient created in one place to be available in the other?

2. The `https://code.cerner.com/developer/smart-on-fhir/apps` console, as far as I can tell, is only able to use the domain with authorization (i.e. fhir-ehr-code.cerner.com), so assuming the test patient is not available on that resource, what would be the best way to replace one URL with the other? Is there any other way to force the console to call that other URL instead?

3. If the answer to the items above is 'No', can we have that patient duplicated on the other resource by any chance?

Thanks.

Aaron McGinn (Cerner)

Jun 24, 2021, 3:39:36 PM
to Cerner FHIR Developers
The UUID in the path before the resource is the tenant/domain that is being used. These requests are using the same database/information.

Are you getting an error? I just tried your second link and the patient returned for me. Could you provide the X-Request-Id from the response headers of the request you are not seeing what you expect?

-Aaron (Cerner)

Andrew

Jun 24, 2021, 3:43:27 PM
to Cerner FHIR Developers
Sure. 


is 

{
    "resourceType": "Bundle",
    "id": "d21c3404-25e1-4390-9152-cc3a7125f33f",
    "type": "searchset",
    "total": 0,
    "link": [
        {
            "relation": "self",
        }
    ]
}

The X-Request-Id is:  2101ba65-c293-4685-a849-0b6850876d28

Aaron McGinn (Cerner)

Jun 24, 2021, 5:04:41 PM
to Cerner FHIR Developers
Does this happen every time? I am still not able to recreate it, even using the same user. I looked into security settings to make sure the user has access to see the patient (it does), so I'm trying to recreate it to figure out what may be going on.

-Aaron (Cerner)

Andrew

Jun 25, 2021, 1:58:03 AM
to Cerner FHIR Developers
Yes, it happens all the time.
Here is the most recent X-Request-Id:  61816e5c-dac7-4ee8-a852-ddc5fc6091cb

Perhaps (though unlikely) the reason is how I'm getting the Authorization header? I'm using Developer Portal for that. Once it hits my local callback resource, I'm able to grab the Auth header and then use it to call the new Patient URL alone.

Stan Bell

Jun 25, 2021, 10:20:05 AM
to cerner-fhir...@googlegroups.com
Aaron, working with Andrew on the same project, I'm getting the same results via Postman: can get any of the test patients on the open link, including "Bellwether, Patient B", but can only get the "normal", old test patients on the authenticated URL, not Bellwether. But my test also got a token using the same creds as Andrew used, so maybe related to the app registration? We're registered as a provider app type. The app ID is 22d5e3ab-2c4c-469d-9368-cf523c8daeac.


--
Stan Bell
Project Manager | Juxly LLC

Andrew

Jun 30, 2021, 9:56:00 AM
to Cerner FHIR Developers
Hi Aaron, do you happen to have any updates on this?

Aaron McGinn (Cerner)

Jun 30, 2021, 10:59:29 AM
to Cerner FHIR Developers
Apologies, I meant to get back to you earlier this week. It looks like you may be hitting the workflow where you are authorizing for a single patient in context with patient/Patient.read, but then the Bellwether patient is not the one you authorized for, so you would not be able to see it in your search results. Can you verify the patient ID in your auth request is the same that you're looking at for Bellwether? Or use user/Patient.read scope in the meantime?

-Aaron (Cerner)

Andrew

Jul 1, 2021, 9:14:29 AM
to Cerner FHIR Developers
Yeah, it's possible that the token I'm using is the root cause of the issue, but I'm not sure where to look for the patient ID.
As I mentioned before, I'm using https://code.cerner.com/developer/smart-on-fhir in order to initiate the provider flow, and the console indeed asks me to use a specific patient from the list. After that it goes to the authorization site and asks for the standard login/password (portal/portal) and then redirects me back to my application with a token.

The thing is, I'm not seeing any patient IDs in that auth request. Here is my auth request for Wilma Smart (a standard test patient):

FORM DATA:
code: f26665f8-c571-4494-ac1b-a2241bcd36b2
grant_type: authorization_code
redirect_uri:
client_id: 610bf39e-e89f-4a6b-b675-1015516d6f7d

And the result is the token with requested patient id:

{
. . .
access_token: "eyJraWQ. . ."
expires_in: 570
id_token: "eyJraWQ. . ."
patient: "12724065"
refresh_token: "eyJp. . ."
scope: "launch online_access openid patient/Observation.read patient/Patient.read profile"
smart_style_url: "https://smart.cerner.com/styles/smart-v1.json"
tenant: "ec2458f2-1e24-41c8-b71b-0e701af7583d"
token_type: "Bearer"
user: "12742069"
username: "portal"
. . .
}

Can you please suggest how to properly pick the right one we need?

Le Zhang

Jul 4, 2021, 10:59:36 PM
to Cerner FHIR Developers
I've got the exact same problem as you. Here is my solution.

The "launch" scope you included requires you to put a launch parameter in your initial request for a code. This launch parameter is a GUID/UUID generated when you clicked the Begin Testing button and picked a patient to continue.
Using "launch" limits the results returned when an API call is deemed to be using patient/xxx.read scope. In this particular case, the patient search API call is treated as in the scope of patient/Patient.read, as Aaron had pointed out. This limited the results returned to only the patient you selected when you clicked Begin Testing.

To be able to search the whole practice, you need to remove "launch" and "patient/xxx.xxx" from scope and launch from query strings in your initial request for Code.

Hope this helps.
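
The scope behaviour discussed in this thread, as an added example (not code from any poster or from Cerner): it checks whether a token response like the one Andrew posted can be expected to return a given patient, and rewrites the scope string the way Aaron and Le Zhang suggest. The function names and `CONSTRUCTED-OTHER-ID` are assumptions made for illustration; the enforcement model is the one described in the replies above.

```python
# Fields copied from the token response posted in the thread (tokens omitted).
TOKEN_RESPONSE = {
    "patient": "12724065",
    "scope": "launch online_access openid patient/Observation.read patient/Patient.read profile",
}


def resource_scopes(scope_string):
    """Split a SMART scope string into {context: {resource: {permissions}}}."""
    parsed = {}
    for item in scope_string.split():
        if "/" not in item or "." not in item:
            continue  # launch, openid, profile, online_access, ...
        context, rest = item.split("/", 1)
        resource, permission = rest.rsplit(".", 1)
        parsed.setdefault(context, {}).setdefault(resource, set()).add(permission)
    return parsed


def can_read_patient(token_response, wanted_patient_id):
    """Return (visible, reason) for a Patient read or search with this token."""
    scopes = resource_scopes(token_response.get("scope", ""))

    def grants(context):
        perms = scopes.get(context, {})
        return bool({"read", "*"} & (perms.get("Patient", set()) | perms.get("*", set())))

    if grants("user"):
        return True, "user/Patient.read: limited only by the user's own access"
    if grants("patient"):
        in_context = token_response.get("patient")
        if in_context == wanted_patient_id:
            return True, "patient/Patient.read and the patient matches the launch context"
        return False, f"patient/Patient.read is bound to patient {in_context}"
    return False, "no Patient read scope granted"


def widen_to_user_scopes(scope_string):
    """Drop 'launch' and turn patient/X.y into user/X.y, as suggested in the thread."""
    out = []
    for item in scope_string.split():
        if item == "launch":
            continue
        if item.startswith("patient/"):
            item = "user/" + item[len("patient/"):]
        if item not in out:
            out.append(item)
    return " ".join(out)
```

The rewritten scope string goes into the initial authorization request; a token that was already issued keeps the scopes and patient context it was granted with.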
