Invalid client credentials for system account on FHIR R4 sandbox

[eve...@gmail.com]

I'm attempting to get authorization using a system account to an application the FHIR R4 sandbox.

1. I registered for a system account via https://cernercentral.com/system-accounts

2. I have an application registered here: https://code.cerner.com/v2/developer/smart-on-fhir/apps
3. The application is registered on the r4 sandbox here https://fhir-ehr-code.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d

I'm using ec2458f2-1e24-41c8-b71b-0e701af7583d as the tenant in the authorization request. Is that correct?

For the credentials, per these instructions, I am using:
* $SYSTEM_ACCOUNT_CLIENT_ID = client id of app registered in code.cerner.com

* $SYSTEM_ACCOUNT_CLIENT_SECRET = secret of system account defined on cernercentral

The error I am receiving is:
"invalid_client"
urn:cerner:error:authorization-server:oauth2:token:invalid-client-credentials
"Unknown Application" was attempting to request access to healthcare data with Abilities Center; unfortunately, the application doesn't appear to be compatible. If you require further assistance, please contact support.

I have a correlation ID, if that helps:

62dfd90c-ef3f-457d-a7b2-5cc61e509b35

Can you provide some guidance on what I'm doing wrong? Thank you in advance!

[eve...@gmail.com]

I figured out my problem... I missed the information at the top of the page about associating the client application with the system account. After I registered a new application and selected "system", it prompted me for the system account id, and I was able to get an auth token.

However, take note: If I change the type of the client application to "system" after it's already been created, it doesn't prompt me to enter the system account id. You can only do that for new client application registrations.

[Aaron McGinn (Cerner)]

Apologies for missing your original post! You are correct, the portal does not allow the client ID of an application to be changed after creation.

-Aaron (Cerner)