Something went wrong trying to authorize the client. Please try logging in again.
1,345 views
Skip to first unread message
Amir Afridi
Sep 22, 2020, 3:10:34 PM9/22/20
to SMART on FHIR
When I try running a new sandbox app, I am getting this error
'
OAuth2 ErrorSomething went wrong trying to authorize the client. Please try logging in again.
'
it looks to be failing on this API ' https://apporchard.epic.com/interconnect-aocurprd-oauth/api/FHIR/R4/.well-known/smart-configuration '
on the auth page, I am calling
this.fhir.oauth2.authorize({ });
//'response_type': 'code',
'client_id': clientId,
//'redirect_uri': redirectUri,
//'state': 'dev',
'scope': 'launch profile openid online_access patient/*.read',
//'launch': 'launch'
Am I missing something on authorization?
Amir Afridi
Sep 23, 2020, 8:38:31 AM9/23/20
to SMART on FHIR
Another question.
Is it possible to see why authorization is failing? I'm running it from AppOrchard rather than a stand-alone app.
Vladimir Ignatov
Sep 23, 2020, 10:05:31 AM9/23/20
to Amir Afridi, SMART on FHIR
Hi Amir,
Be aware that the client makes two parallel requests during the authorization. One for /.well-known/smart-configuration and one for /metadata. It can find the information it needs in any of these locations. However, many servers do not yet support /.well-known/smart-configuration. This means that even if you see in your browser console that the request for https://apporchard.epic.com/interconnect-aocurprd-oauth/api/FHIR/R4/.well-known/smart-configuration if failing with 404, that should be fine and it is not the reason for the failure.
You can try to execute localStorage.debug = "FHIR.*" in the console and then try to launch again and observe what messages are generated.
Thanks,
Vlad
--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/smart-on-fhir/f61bfea7-7331-4aa0-905b-d8c0181c5609n%40googlegroups.com.
Tyler Silcox
Oct 22, 2020, 10:33:38 AM10/22/20
to SMART on FHIR
Is there anyway to get a more detailed error message? I'm working with the original poster above and we can't get any other response besides the "Something went wrong trying to authorize the client. Please try logging in again." error page.
I've tried in the simulator using the same straight foward SMART on FHIR client-js code that works with Cerner OAuth.
I've tried in the simulator using the same straight foward SMART on FHIR client-js code that works with Cerner OAuth.
const options: any = {
'scope': 'launch online_access patient/Patient.read',
'response_type': 'code',
'redirect_uri':'http://localhost:4200/epic/ready',
'client_id': ff9bda66-1111-2222-3333-123456789012,
'launch': 'eyJhbGciO...V_A', // using the launch token included in the URL
'state': 'dev-abc-123',
'completeInTarget': true // prevents warning in simulator
}
this.fhir.oauth2.authorize(options);
The simulator will hit our localhost authorize page and we can debug in the console, but as soon as the authorize method is called, something on Epic's side appears to fail and it redirects to the error page without any information in the localhost debug. I read in Epic's documentation that the promise then()/catch() result of the authorize() is ignored, but I tried anyways and didn't get any more details.
And I've tried the Epic OAuth endpoint with Postman and receive the same client based error.
PARAMS (for readability):
And I've tried the Epic OAuth endpoint with Postman and receive the same client based error.
PARAMS (for readability):
response_type:code
client_id:ff9bda66-1111-2222-3333-123456789012
scope:launch%20online_access%20patient%2FPatient.read
redirect_uri:http%3A%2F%2Flocalhost%3A4200%2Fepic%2Fready
state:dev
launch:eyJhbGciO...V_A
Is this a CORS issue? I've created more than one App in the Epic sandbox and I'm using the non-production client_ids. I've waited 12+ hours to test after making edits. Any other ideas or ways to test?
Is this a CORS issue? I've created more than one App in the Epic sandbox and I'm using the non-production client_ids. I've waited 12+ hours to test after making edits. Any other ideas or ways to test?
Tyler Silcox
Oct 22, 2020, 11:05:49 AM10/22/20
to SMART on FHIR
And to add to this, I tried the example OAuth endpoint from Epic's OAuth documentation in Postman and it displays a login screen:
https://apporchard.epic.com/interconnect-aocurprd-oauth/oauth2/authorize?scope=launch&response_type=code&redirect_uri=https%3A%2F%2Fapporchard.epic.com%2Ftest%2Fsmart&client_id=d45049c3-3441-40ef-ab4d-b9cd86a17225&launch=GwWCqm4CCTxJaqJiROISsEsOqN7xrdixqTl2uWZhYxMAS7QbFEbtKgi7AN96fKc2kDYfaFrLi8LQivMkD0BY-942hYgGO0_6DfewP2iwH_pe6tR_-fRfiJ2WB_-1uwG0&state=abc123
This makes me think our client_id id is not valid/our app is not being enabled in the sandbox.
This makes me think our client_id id is not valid/our app is not being enabled in the sandbox.
Tyler Silcox
Nov 9, 2020, 8:53:07 AM11/9/20
to SMART on FHIR
Status update:
It started working several days after I posted this here and within App Orchard's support without any changes on my part. I'm not sure if Epic updated something or if there's a cache but it would be really nice if there were some documentation on this for future users.
Now I'm having an issue retrieving the current user with scope of launch openid fhirUser but I'll research until I hit another deadend.
It started working several days after I posted this here and within App Orchard's support without any changes on my part. I'm not sure if Epic updated something or if there's a cache but it would be really nice if there were some documentation on this for future users.
Now I'm having an issue retrieving the current user with scope of launch openid fhirUser but I'll research until I hit another deadend.
Reply all
Reply to author
Forward
0 new messages