Skip to first unread message
Assigned to aaron....@oracle.com by me
Simon Woodworth
Jan 18, 2021, 2:10:18 PM1/18/21
to Cerner FHIR Developers
Hi,
I have a system account created at https://sandboxcernercentral.com/system-accounts/
I used this account ID to create a system app at https://code.cerner.com/developer/smart-on-fhir/apps. This Client ID in this app corresponds to the account ID in my systm account.
Next I do authorisation endpoint discovery at https://fhir-ehr-code.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/metadata and determine that the correct endpoint for system authorization is https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token.
In Postman, I build a POST token request as follows
Accept: application/json
Authorization: Basic {Base 64 of ClientID:Secret per OAuth2 spec}
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
with a body of
grant_type=client_credentials&scope=system%2FObservation.read%20system%2FPatient.read
In return I get the following:
which points to an error message as below, including Correlation ID
"Unknown Application" was attempting to request access to healthcare data with Abilities Center; unfortunately, the application doesn't appear to be compatible. If you require further assistance, please contact support.
Information to provide to Technical SupportCorrelation ID:
e4156d71-a70f-4aa5-91b0-581c4f5f7634Information to provide to Unknown Application
The credentials used in the client_credentials grant were invalid.Error Code:
urn:cerner:error:authorization-server:oauth2:token:invalid-client-credentialsHave I got the correct authorization endpoint? Is my app registered correctly? I am a little lost, sorry.
Thanks.
Simon.
Aaron McGinn (Cerner)
Jan 20, 2021, 7:02:51 PM1/20/21
to Cerner FHIR Developers
You will need to use your system account in the production CernerCentral portal [1].
-Aaron (Cerner)
Simon Woodworth
Jan 20, 2021, 7:08:24 PM1/20/21
to Cerner FHIR Developers
Hi Aaron,
Thanks. But I don't have a system account in the production portal because I was trying to do this with a sandbox system account first before going near any production system.
Is it not possible to do this with a sandbox system account? I have one set up at https://sandboxcernercentral.com/system-accounts/
Thanks.
Simon.
Aaron McGinn (Cerner)
Jan 20, 2021, 7:12:13 PM1/20/21
to Cerner FHIR Developers
While misleading, the new "public sandbox" domain is in our production cloud region, so you will need to use the production CernerCentral portal and won't access any client production domains until they are allowlisted (typically through the code program validation/implementation effort). The sandbox CernerCentral (that you linked) will be used for client non-production domains. If you do not have an account in the link I gave, you will need to request one and create an app with that account ID.
-Aaron (Cerner)
Simon Woodworth
Jan 20, 2021, 7:18:47 PM1/20/21
to Cerner FHIR Developers
Hi Aaron,
OK, I understand now. I have gone ahead and requested a system account on that link.
Thanks.
Simon.
Simon Woodworth
Jan 26, 2021, 11:30:47 AM1/26/21
to Cerner FHIR Developers
Any chance someone can review my system account request dated January 21st? Thanks! Simon.
Aaron McGinn (Cerner)
Jan 26, 2021, 3:04:01 PM1/26/21
to Cerner FHIR Developers
I reached out to our escalation team and you should get more information on this today.
-Aaron (Cerner)
Simon Woodworth
Jan 27, 2021, 2:15:00 PM1/27/21
to Cerner FHIR Developers
Hi Aaron,
Thank you very much. I subsequently got the system account, created a new system app and am now able to get an auth token for system/Patient.read. This will get me going again!
Thank again for your help.
Cheers,
Simon.
Aditya Agarwal
Feb 19, 2021, 4:45:44 PM2/19/21
to Cerner FHIR Developers
Hey Aaron,
I have the exact same problem. Followed all the steps that were listed in this forum. Been waiting on that service account for 2 weeks now. Hoping you can have your team look into it. Let me know if you need any information from me. The account should be linked to j...@cozeva.com and since we were waiting for a long time I made another request from adag...@cozeva.com.
Thanks,
I have the exact same problem. Followed all the steps that were listed in this forum. Been waiting on that service account for 2 weeks now. Hoping you can have your team look into it. Let me know if you need any information from me. The account should be linked to j...@cozeva.com and since we were waiting for a long time I made another request from adag...@cozeva.com.
Thanks,
Aditya Agarwal (Cozeva)
Aaron McGinn (Cerner)
Feb 22, 2021, 5:53:05 PM2/22/21
to Cerner FHIR Developers
Aditya, we emailed you about your account it looks like on Feb 10. Were you ever able to get those questions resolved?
-Aaron (Cerner)
Aditya Agarwal
Feb 22, 2021, 6:15:07 PM2/22/21
to Cerner FHIR Developers
Hey Aaron,
Thanks for getting back to me, As we replied to that email: that request was for a sandbox service account, we have since removed that request and wanted to get a service account for the production portal as mentioned in this thread. If you could help me get that approved, that would be great.
Thanks,
Aditya (Cozeva)
Aditya (Cozeva)
Aaron McGinn (Cerner)
Feb 23, 2021, 6:24:21 PM2/23/21
to Cerner FHIR Developers
Figured out the confusion and got this taken care of offline.
-Aaron (Cerner)
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages