Expect-CT: enforce, max-age=30
WWW-Authenticate: Basic realm="CernerCare"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, POST
Access-Control-Allow-Headers: Content-Type, Authorization, Accept, Cerner-Correlation-Id
Cache-Control: no-store
Pragma: no-cache
Cerner-Correlation-ID: d7edfa4b-c18e-4b57-99bc-20f9c1ae6946
Content-Type: application/json;charset=UTF-8
Content-Length: 276
Date: Thu, 21 Jan 2021 21:45:14 GMT
Server: cloud_authorization_server1
Strict-Transport-Security: max-age=631138519; includeSubDomains
Expect-CT: enforce, max-age=30
WWW-Authenticate: Basic realm="CernerCare"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, POST
Access-Control-Allow-Headers: Content-Type, Authorization, Accept, Cerner-Correlation-Id
Cache-Control: no-store
Pragma: no-cache
Cerner-Correlation-ID: 9313675d-252c-4b6c-a8e6-fdc641596a10
Content-Type: application/json;charset=UTF-8
Content-Length: 276
Date: Thu, 21 Jan 2021 21:47:20 GMT
Server: cloud_authorization_server1
Strict-Transport-Security: max-age=631138519; includeSubDomains
{
"error": "invalid_client",
}
Sanitized output from verbose mode included below:
chriskavan@Chriss-MacBook-Pro ~ % curl -v -X POST 'https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token' \
-H 'Accept: application/json' \
-H "Authorization: Basic ##REDACTED##" \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'grant_type=client_credentials&scope=system%2FObservation.read%20system%2FPatient.read'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 159.140.206.14...
* TCP_NODELAY set
* Connected to authorization.cerner.com (159.140.206.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=Missouri; L=Kansas City; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=Delaware; O=Cerner Corporation; businessCategory=Private Organization; serialNumber=2103665; CN=authorization.cerner.com
* start date: Mar 11 17:27:37 2020 GMT
* expire date: Mar 11 17:57:36 2022 GMT
* subjectAltName: host "authorization.cerner.com" matched cert's "authorization.cerner.com"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2014 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1M
* SSL certificate verify ok.
> POST /tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token HTTP/1.1
> Host: authorization.cerner.com
> User-Agent: curl/7.64.1
> Accept: application/json
> Authorization: Basic ##REDACTED##
> Content-Type: application/x-www-form-urlencoded
> cache-control: no-cache
> Content-Length: 85
>
* upload completely sent off: 85 out of 85 bytes
< HTTP/1.1 401
< Expect-CT: enforce, max-age=30
< WWW-Authenticate: Basic realm="CernerCare"
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: OPTIONS, POST
< Access-Control-Allow-Headers: Content-Type, Authorization, Accept, Cerner-Correlation-Id
< Cache-Control: no-store
< Pragma: no-cache
< Cerner-Correlation-ID: e72ed0ab-4d80-4063-b7c3-3ffa75f2a7e7
< Content-Type: application/json;charset=UTF-8
< Content-Length: 276
< Date: Thu, 21 Jan 2021 22:01:01 GMT
< Server: cloud_authorization_server1
< Strict-Transport-Security: max-age=631138519; includeSubDomains
<
* Connection #0 to host authorization.cerner.com left intact
{"error":"invalid_client","error_uri":"https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Ainvalid-client-credentials/instances/e72ed0ab-4d80-4063-b7c3-3ffa75f2a7e7?client=unknown&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d"}* Closing connection 0