unable to get Organization resource bundle from using system account

[Amit Joshi]

Hi Team,

I have a system account with Guid  fadc4cee-1b61-4dd3-8ac0-c1bda878cdf6 and a smart app in the sandbox with same client id with system type. I have added almost all the scopes including Organization scope in the app (system/Organization.read), but I am not able to fetch the Organization resource bundle from the endpoint.

I am getting insufficient_scope error in response with X-Request-Id =  4bd5d8cb-9b4f-45d4-84fc-422ea04248d6.

Please help me with this issue.

Thanks and regards,

Amit Joshi

[Amit Joshi]

Please also find the response body for your reference

"resourceType": "OperationOutcome",

    "issue": [

        {

            "severity": "error",

            "code": "forbidden",

            "diagnostics": "Bearer realm=\"fhir-ehr-code.cerner.com\", error=\"insufficient_scope\"",

            "expression": [

                "http.Authorization"

            ]

        }

    ]

}

[Fenil Desani (Cerner)]

Hello,

Your token only has the system/Patient.read and system/Observation.read scope. You need to provide system/Organization.read scope as well.

http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system

Thanks,

Fenil

[Amit Joshi]

Earlier I had created an app with patient and observation scope only. But After adding more scopes to the app it wasnt working. So I deleted that app and created a new app with the system account guid with more scopes. But still I am getting the same issue. Is it a bug from cerner side cause the scope in token is not changing. I am requesting new Bearer token using Oauth flow Base64(clientId:Secret) in the Authrization header. It should update the scope in token also.

Please help.

Thanks and regards,

Amit Joshi

[Amit Joshi]

Ok I got it. The error is from my end. I didn't provide the organization scope in the body of the token request. It is working. Thanks for the help Fenil.

Regards,

Amit Joshi