401 Unauthorized on fetching patient with SMART on FHIR R4 sandbox


Tute Costa

Apr 16, 2019, 3:46:52 PM
to Cerner FHIR Developers
Hi! I'm trying to authenticate a patient in our client Ruby application and fetch its data, but all I get back is a seemingly valid token, from which I can't fetch more data.

I'm using fhir_client rubygem version 3.0.2, our test client id is 1e9dd103-1e78-45ed-aed0-491f57ccc0a1 and the scopes we use are:

launch online_access openid patient/Patient.read profile user/Patient.read

We first get the authorization URL, and then use a bearer token similarly to what's described in https://groups.google.com/forum/#!searchin/cerner-fhir-developers/set_bearer_token%7Csort:date/cerner-fhir-developers/t_kue80YyzA/bKOKuEzuBgAJ. Sample code:

  def code
    code = params.fetch("code")
    auth_params = {
      aud: session[:cerner_url],
      launch: session[:cerner_launch],
      redirect_url: REDIRECT_URL,
      scope: SCOPE,
    }
    oauth2_token = oauth2_client.auth_code.get_token(code, auth_params)
    fhir_client.set_bearer_token(oauth2_token.token)
    fhir_client.read(FHIR::Patient, oauth2_token.params["patient"]).inspect # 401
    fhir_client.read(FHIR::Patient, oauth2_token.params["patient"]).resource # 401
    fhir_client.read(FHIR::Person, oauth2_token.params["user"]).resource # nil
  end

  private

  def oauth2_client
    client_secret = nil
    options = fhir_client.get_oauth2_metadata_from_conformance
    client_options = {
      site: session[:cerner_url],
      authorize_url: options[:authorize_url],
      token_url: options[:token_url],
      raise_errors: true,
    }
    OAuth2::Client.new(CLIENT_ID, client_secret, client_options)
  end

  def fhir_client
    @fhir_client = FHIR::Client.new session.fetch(:cerner_url)
  end

Some response headers:

- "www-authenticate"=>"Bearer realm=\"fhir-ehr.sandboxcerner.com\"",
- "x-request-id"=>"24955c998e582f6276a614732d1040a5",
- :body=>"{\"resourceType\":\"OperationOutcome\",\"issue\":[{\"severity\":\"error\",\"code\":\"login\",\"diagnostics\":\"Bearer realm=\\\"fhir-ehr.sandboxcerner.com\\\"\",\"expression\":[\"http.Authorization\"]}]}"},

How can I fetch more patient data?

Thank you,

Tute.

Hank DeDona

Apr 17, 2019, 9:43:37 AM
to Cerner FHIR Developers
What scopes are you requesting vs. what resources are you attempting to access?

Tute Costa

Apr 17, 2019, 9:49:02 AM
to cerner-fhir...@googlegroups.com
I'm requesting:

launch
online_access
openid
patient/Patient.read
profile
user/Patient.read

And trying to access a Patient:

fhir_client.read(FHIR::Patient, oauth2_token.params["patient"])

Thanks!

Michele Mottini

Apr 17, 2019, 9:51:04 AM
to Cerner FHIR Developers
Does oauth2_token.params["patient"] actually contain a patient id, or is it empty?

  - Michele
  CareEvolution Inc

Benjamin Eichhorn (Cerner)

Apr 17, 2019, 9:58:29 AM
to Cerner FHIR Developers
Hi Tute,

It appears that your code is not actually setting the Authorization header when making the request which is why you are seeing the OperationOutcome.

Thanks,
Ben (Cerner)

Tute Costa

Apr 17, 2019, 9:58:59 AM
to cerner-fhir...@googlegroups.com
It contains an id, which I tried inserting as a hardwired value as
well (both as integer and as string). I verified the patient id is the
one that Cerner displays as a data attribute in the HTML before
launching the app.

Tute Costa

Apr 17, 2019, 12:12:32 PM
to cerner-fhir...@googlegroups.com
That was it, thank you very much.

I was calling methods each time on a new instance of `fhir_client`,
instead of using the same one for which I configured the bearer token.

Thanks!

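The root cause in this thread (a helper that builds a fresh client on every call, so the bearer token is set on one instance and the read goes out from another, header-less instance) is easy to reproduce without the sandbox. The following is an added example, not code from the original post or from the fhir_client gem: it uses a minimal stand-in client that only builds a Net::HTTP request so the Authorization header can be inspected, a simulated server check that returns a 401 OperationOutcome shaped like the one quoted above, and the buggy `fhir_client` helper next to the memoized fix. The base URL and token are placeholders.

```ruby
require 'net/http'
require 'uri'
require 'json'

# Minimal stand-in for FHIR::Client (constructed for this example, not the
# fhir_client gem). It only builds the HTTP request; nothing is sent.
class MinimalFhirClient
  def initialize(base_url)
    @base_url = base_url
    @bearer_token = nil
  end

  def set_bearer_token(token)
    @bearer_token = token
  end

  # Build (but do not send) the GET request for a resource read, adding the
  # Authorization header only if a token was set on THIS instance.
  def build_read_request(resource_type, id)
    uri = URI.join("#{@base_url}/", "#{resource_type}/#{id}")
    req = Net::HTTP::Get.new(uri)
    req['Accept'] = 'application/fhir+json'
    req['Authorization'] = "Bearer #{@bearer_token}" if @bearer_token
    req
  end
end

# Simulates the server-side check: a request without a bearer token gets a
# 401 with an OperationOutcome like the one in the thread (constructed here,
# not captured from the sandbox).
def simulated_server_response(request)
  if request['Authorization'].to_s.start_with?('Bearer ')
    { status: 200,
      body: { 'resourceType' => 'Patient', 'id' => request.path.split('/').last } }
  else
    { status: 401,
      headers: { 'www-authenticate' => 'Bearer realm="fhir-ehr.sandboxcerner.com"' },
      body: { 'resourceType' => 'OperationOutcome',
              'issue' => [{ 'severity' => 'error', 'code' => 'login',
                            'expression' => ['http.Authorization'] }] } }
  end
end

# The shape of the controller as posted: fhir_client returns a NEW client on
# every call, so the token set on the first instance never reaches the
# instance that performs the read.
class BuggyController
  BASE = 'https://fhir.example.invalid/r4' # placeholder base URL

  def read_patient(token, patient_id)
    fhir_client.set_bearer_token(token)                         # instance 1
    req = fhir_client.build_read_request('Patient', patient_id) # instance 2
    simulated_server_response(req)
  end

  private

  def fhir_client
    @fhir_client = MinimalFhirClient.new(BASE) # reassigned on every call
  end
end

# The fix: memoize with ||= so every call shares the one configured client.
class FixedController < BuggyController
  private

  def fhir_client
    @fhir_client ||= MinimalFhirClient.new(BASE)
  end
end

if $PROGRAM_NAME == __FILE__
  puts JSON.generate(BuggyController.new.read_patient('placeholder-token', '12345'))
  puts JSON.generate(FixedController.new.read_patient('placeholder-token', '12345'))
end
```

Running the file prints the 401 OperationOutcome for the buggy controller and a Patient resource for the fixed one. When debugging a 401 against a real endpoint, the same check applies: inspect the outgoing request (for example by logging the client's HTTP layer) and confirm the `Authorization: Bearer ...` header is actually present on the request that fails, before suspecting scopes or the patient id.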