403 error for retrieving resources we should have scopes for


Alexander Goel

Oct 22, 2021, 2:36:51 PM
to Cerner FHIR Developers
Hi,

We're having an issue with the sandbox where we changed the scopes for our app and the sandbox still blocks us from accessing that information.

For example, we didn't originally have allergy intolerance in our app scope, but after trying to add it, the sandbox still provides a 403.

I attached some screenshots with the console errors.

Esmeralda Bolanos (Cerner)

Oct 22, 2021, 3:25:45 PM
to Cerner FHIR Developers
Greetings,

Can you please provide an X-Request-Id for the AllergyIntolerance request returning 403? 
As for the Consent request, it doesn't look like Consent.read is part of the app.

Thank you,
   Esme

Alexander Goel

Oct 22, 2021, 3:42:25 PM
to cerner-fhir...@googlegroups.com
Hi Esme, 

Here it is for the allergy intolerance: 
X-Request-Id: 45fe62b7-9860-4d13-b262-3e11f3783a2d


Alex


Alex Goel
PuraJuniper Inc.


Esmeralda Bolanos (Cerner)

Oct 22, 2021, 4:49:54 PM
to Cerner FHIR Developers
Thank you.

According to our logs the bearer token being used in the request only has the following scopes:
fhirUser, launch, online_access, openid, patient/Condition.read, patient/Encounter.read, patient/MedicationRequest.read, patient/Observation.read, patient/Patient.read

There is no AllergyIntolerance scope, hence the 403.

You would need to add this scope when requesting the bearer token.

Thank you,
   Esme (Cerner)
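
Added example, not part of the original thread or Cerner's code: a client-side check that compares the `scope` string returned with the access token against the resource reads the app intends to make, so a missing grant such as `patient/AllergyIntolerance.read` is caught before the request returns 403. Function names are hypothetical, the sample scope string is the list quoted in the reply above, and the wildcard forms follow SMART App Launch v1 scope syntax as an assumption about what a server may grant.

```javascript
// Added example; all function and constant names are hypothetical.
// Sample input: the scope list quoted in the thread, space-delimited as in
// an OAuth 2.0 token response's `scope` field.
const GRANTED_IN_THREAD =
  "fhirUser launch online_access openid patient/Condition.read " +
  "patient/Encounter.read patient/MedicationRequest.read " +
  "patient/Observation.read patient/Patient.read";

// Split a space-delimited scope string into a Set of individual scopes.
function parseScopes(scopeString) {
  return new Set((scopeString || "").split(/\s+/).filter(Boolean));
}

// True when the granted scopes allow `action` on `resourceType` in `context`.
// Checks the exact scope first, then the SMART v1 wildcard forms (assumption:
// the authorization server may grant wildcards; the thread does not say).
function isCovered(granted, context, resourceType, action) {
  const candidates = [
    `${context}/${resourceType}.${action}`,
    `${context}/${resourceType}.*`,
    `${context}/*.${action}`,
    `${context}/*.*`,
  ];
  return candidates.some((scope) => granted.has(scope));
}

// Return the scopes the app needs but the token does not carry.
// `needed` is a list of { context, resourceType, action } objects.
function missingScopes(scopeString, needed) {
  const granted = parseScopes(scopeString);
  return needed
    .filter((n) => !isCovered(granted, n.context, n.resourceType, n.action))
    .map((n) => `${n.context}/${n.resourceType}.${n.action}`);
}

// The two resources discussed in the thread plus one that was granted.
const NEEDED = [
  { context: "patient", resourceType: "AllergyIntolerance", action: "read" },
  { context: "patient", resourceType: "Consent", action: "read" },
  { context: "patient", resourceType: "Condition", action: "read" },
];

console.log("Missing from token:", missingScopes(GRANTED_IN_THREAD, NEEDED));
```

Run this against the `scope` value of each new token response: changing the scopes registered for the app does not change a token that was requested without them.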

Alexander Goel

Oct 22, 2021, 4:54:54 PM
to cerner-fhir...@googlegroups.com
Thanks! Can’t believe I missed that.

Alex


Alex Goel
PuraJuniper Inc.
